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Welcome 


BTEC Nationals are widely recognised by higher education and industry as the 
vocational qualification of choice at Level 3. They provide students with meaningful 
and practical learning experiences across a range of career sectors to prepare them 
to progress to higher education as a route to graduate-level employment. 


Recent data has shown that one in five adults of working age in the UK has a BTEC 
qualification. What's more, well over 90,000 BTEC students apply to UK universities 
every year and their BTEC Nationals are accepted by over 150 UK universities and other 
higher education institutions for relevant degree programmes either on their own or in 
combination with A Levels. 


Why are BTECs so successful? 


BTECs embody a fundamentally student-centred approach to the curriculum, with a 
flexible, unit-based structure and knowledge applied through a balanced combination 
of assignments and examinations. They enable the holistic development of the practical, 
interpersonal and thinking skills required to succeed in higher education and 
employment. 


When creating these BTEC Nationals we focused on the skills and personal attributes 
needed to navigate the future, and have worked with many higher education providers, 
professional bodies, colleges and schools to ensure that their needs are met. Employers 
are looking for future employees with a thorough grounding in the latest industry 
requirements and work-ready skills such as critical thinking and problem solving. 

Higher education needs students who have experience of research, extended 

writing and meeting deadlines. 


We have addressed these requirements by: 


e Facilitating and guiding the development of transferable skills through the design 
and delivery of the qualifications, using a holistic and practical framework which is 
based on recent research into the most critical skills needed to navigate the future. 
This Transferable Skills framework has been used to embed transferable skills in 
the qualifications where they naturally occur and also to signpost opportunities for 
delivery and development as a part of the wider BTEC learning experience. 

See page 6 for further information. 


e Supporting the delivery of Sustainability Education and Digital Skills development 
naturally through the content design of the qualifications. Mapping is provided for 
each qualification to identify where the opportunities for teaching and learning exist. 


e Updating sector-specific content to ensure it is relevant and future-facing. 


e Implementing a consistent approach to assessment with a balanced combination of 
internal and external assessments to better engage students, make the qualifications 
more accessible for them and more manageable for centres to deliver. 


We are providing a wealth of support, both resources and people, to ensure that 
students and their teachers have the best possible experience during their course. 
See Section 5 for details of the support we offer. 


This specification document should be used in conjunction with Pearson BTEC Level 3 
National Administrative Support Guide which is available on our website. 


A word to students 


Today's BTEC Nationals will require commitment and hard work, as you would expect 

of the most respected applied learning qualification in the UK. You will have to complete 
a range of units, be organised, take some assessments that we will set and mark and 
undertake practical tasks and assignments. But you can feel proud to achieve a BIEC 
because, whatever your plans in life - whether you decide to study further, go on to 
work or an apprenticeship - your BTEC National will be your passport to success in 

the next stage of your life. 


Good luck, and we hope you enjoy your course. 
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1 Introduction 


Why choose Pearson Level 3 Alternative Academic 
Qualification BTEC National in Information Technology 
(Extended Certificate)? 


We've listened to feedback from all parts of the Information Technology subject 
community, including higher education. We've used this opportunity of curriculum change 
to redesign qualifications so that they reflect the demands of a truly modern and evolving 
digital environment - qualifications that enable your students to apply themselves and 
give them the skills to succeed in their chosen pathway. 


The Pearson Level 3 Alternative Academic Qualification BTEC National in Information 
Technology (Extended Certificate) allows students to study the fundamental knowledge 
of Information Technology covering the role and implications of using Information 
Technology systems and cyber-security threats and how to manage attacks. Students 
will also develop important skills for creating websites to meet a specific purpose and 
to manage data through the development of a relational database solution. 


There are two examined units and two internally assessed units where students will 
engage in practical tasks to develop their Information Technology skills and knowledge. 


The qualification is designed to be taken alongside A Levels as part of a study programme 
and can link to learning in A Level Mathematics and A Level Business Studies. It is 
intended for students that wish to progress into higher education as a pathway to 
employment. 
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Total Qualification Time 


For all regulated qualifications, Pearson specifies a total number of hours that it is 
estimated students will require to complete and show achievement for the qualification: 
this is the Total Qualification Time (TQT). Within TQT, Pearson identifies the number 

of Guided Learning Hours (GLH) that we estimate a centre delivering the qualification 
might provide. Guided learning means activities, such as lessons, tutorials, online 
instruction, supervised study and giving feedback on performance, that directly 

involve teachers and assessors in teaching, supervising and invigilating students. 

Guided learning includes the time required for students to complete external assessment 
under examination or supervised conditions. 


In addition to guided learning, other required learning directed by teachers or assessors 
will include private study, preparation for assessment and undertaking assessment when 
not under supervision, such as preparatory reading, revision and independent research. 


BTEC Nationals have been designed around the number of hours of guided learning 
expected. Each unit in the qualification has a GLH value of 60, 90 or 120. There is then 
a total GLH value for the qualification. 


Each qualification has a TQT value. This may vary within sectors and across the suite 
depending on the nature of the units in each qualification and the expected time for 
other required learning. 


The following table shows the qualifications in this sector and their GLH and TQT values. 


Qualification Size and structure Summary purpose 

title 

Pearson Level 3 | 360 GLH (468 TQT) The Extended Certificate is for 
Alternative Equivalent in size to one students who are Interested in 
Academic A Level. learning about the Information 
Qualification Technology sector alongside 
BTEC National | 4 units of which 4 are other fields of study, with a view 
in Information | Mandatory and 2 are external. | to progressing to a wide range 
Technology Mandatory content (100%). of higher education courses, 
(Extended External assessment (66.6%). not necessarily in Information 
Certificate) Technology-related subjects. 


It is designed to be taken as part 
of a programme of study that 
includes A Levels. 
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Qualification and unit content 


Pearson has developed the content of the new BTEC Nationals in collaboration with 
representatives from higher education and relevant professional bodies. In this way, 
we have ensured that content is up to date and that it includes the knowledge, 
understanding, skills and attributes required in the sector. 


Centres should ensure that delivery of content is Kept up to date. Some of the units 
within the specification may contain references to legislation, policies, regulations and 
organisations, which may not be applicable in the country you deliver this qualification in 
(if teaching outside of England), or which may have gone out-of-date during the lifespan 
of the specification. In these instances, it is possible to substitute such references with 
ones that are current and applicable in the country you deliver subject to confirmation 
by your Standards Verifier. 


Assessment 


Assessment is specifically designed to fit the purpose and objective of the qualification. It 
includes a range of assessment types and styles suited to vocational qualifications in the 
sector. There are three main forms of assessment that you need to be aware of: external, 
internal and synoptic. 


Externally assessed units 


Each external assessment for a BTEC National is linked to a specific unit. All of the 
units developed for external assessment are of 60, 90 or 120 GLH to allow students 
to demonstrate breadth and depth of achievement. Each assessment is taken under 
specified conditions, then marked by Pearson and a grade awarded. Students are 
permitted to resit the examination twice. This equates to three attempts in total: 

one inclusive of registration, the remaining two attempts as resits. If students resit an 
examined unit, the best grade achieved will count towards their overall qualification 
grade, not necessarily the most recent sitting. External assessments are available twice 
a year. For detailed information on the external assessments, please see the table in 
Section 3. For further information on preparing for external assessment, see Pearson 
BTEC Level 3 National Administrative Support Guide, which is available on our website. 


Internally assessed units 


Internally assessed units are assessed by a Pearson Set Assignment Brief (PSAB), which 
is set by Pearson, marked by you and subject to external standards verification. Before 
you assess you will need to become an approved centre, if you are not one already. 

You will need to prepare to assess using the guidance in Pearson BTEC Level 3 National 
Administrative Support Guide, which is available on our website. You will make grading 
decisions based on the requirements and supporting guidance given in the units. Where 
a student has not achieved their expected level of performance for an assignment, 

they may be eligible for one resubmission of improved evidence for each assignment 
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submitted if authorised by the Lead Internal Verifier. To ensure any resubmissions are 
fairly and consistently implemented for all students, the Lead Internal Verifier can only 
authorise a resubmission if certain conditions are met. If the Lead Internal Verifier does 
authorise a resubmission, it must be completed within 15 working days of the student 
receiving the results of the assessment. 


Feedback to students can only be given to clarify areas where they have not achieved 
expected levels of performance. Students cannot receive any specific guidance or 
instruction about how to improve work to meet assessment criteria or be given solutions 
to questions or problems in the tasks. 


If a student has still not achieved the targeted pass criteria following the resubmission 
of improved evidence for an assignment, the Lead Internal Verifier may authorise, 

under exceptional circumstances, one retake opportunity to meet the required pass 
criteria. The retake can be of a task or subset of the Pearson Set Assignment Brief that is 
of evidence in a new or revised form. The deadline for submission of the retake must fall 
within the same academic year. 


Synoptic assessment 


Synoptic assessment requires students to demonstrate that they can identify and use 
effectively, in an integrated way, an appropriate selection of skills, techniques, concepts, 
theories and knowledge from across the whole sector as relevant to a key task. Synoptic 
links between units are flagged within the unit content. Please refer to Unit 7: Information 
Technology Systems and Unit 3: Website Development for further details. 


Language of assessment 


Assessment of the internal and external units for these qualifications will be available in 
English. All student work must be in English. A student taking the qualifications may be 
assessed in British or Irish Sign Language where it is permitted for the purpose of 
reasonable adjustment. 


For information on reasonable adjustments see Pearson BTEC Level 3 National 
Administrative Support Guide, which is available on our website. 
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Grading for units and qualifications 


Achievement in the qualification requires a demonstration of depth of study in each unit, 
assured acquisition of a range of practical skills required for progression to higher 
education, and successful development of transferable skills. Students achieving a 
qualification will have completed all units. 


Units are assessed using a grading scale of Distinction (D), Merit (M), Pass (P), Near Pass 
(N) and Unclassified (U). The grade of Near Pass is used for externally assessed units only. 
All mandatory and optional units contribute proportionately to the overall qualification 
grade, for example a unit of 120 GLH will contribute double that of a 60 GLH unit. 


BTEC National qualifications are graded using a scale of P to D*, or PP to D*D*, or 

PPP to D*D*D* depending on the size of the qualification. Please see Section 6 for more 
details. The relationship between qualification grading scales and unit grades will be 
subject to regular review as part of Pearson's standards monitoring processes on the 
basis of student performance and in consultation with key users of the qualification. 


UCAS tariff points 


The BTEC Nationals attract UCAS points. Please go to the UCAS website for full details of 
the points allocated. 
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Preparing students for the future 


Transferable skills 


Recent future skills reports have highlighted the growing importance of transferable skills 
for students to succeed in their careers and lives in this fast-changing world. 


Following research and consultation with FE educators and higher education institutions, 
Pearson has developed a Transferable Skills Framework to facilitate and guide the 
development of transferable skills through this qualification. The Framework has four 
broad skill areas, each with a cluster of skills as shown below: 


1. Managing Yourself: (1) Taking personal responsibility; (2) Personal strengths and 
resilience; (3) Career orientation planning; (4) Personal goal setting 


2. Effective Learning: (1) Managing own learning; (2) Continuous learning; 
(3) Secondary research skills (4) Primary research skills 


3. Interpersonal Skills: (1) Written communications; (2) Verbal and non-verbal 
communications; (3) Teamwork; (4) Cultural and social intelligence 


4. Solving Problems: (1) Critical thinking (2) Problem solving; (3) Creativity and innovation 


Each transferable skill has a set of descriptors that outline what achievement of the skill 
looks like in practice. Each unit in the qualification will show whether a transferable skill 
has been: 


1. fully embedded through the design of the teaching and learning content and 
assessment of the unit. Skills that are embedded are ‘naturally occurring’ in that they 
are inherent to the unit content and don't require extension activities to deliver. 


2. signposted as an opportunity for delivery and development and would require 
extension activities to deliver. 


Units will show a summary of the transferable skills that have been embedded or 
signposted and Appendix 2 shows the descriptors for each skill across all the skill clusters. 


More information on the framework, its design and relevance for student progression 
is available in the BTEC Transferable Skills Guide for Teachers. Resources and guidance to 
support teachers in the delivery and development of these skills will be available in the 
Delivery Guide for this qualification and through our training offer. 


Digital skills 


Digital skills are required in every industry as well as in everyday life and, with the 
acceleration of automation and Al in industry it is critical for students to understand 
how digital technologies are relevant and applied in the context of the sector they are 
studying. 


With this in mind, we have used the Digital Skills Framework published by IFATE as a 
frame of reference to identify opportunities for the delivery and development of digital 
Skills in this qualification. 
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This Digital Skills framework has five categories with specific digital characteristics that 
apply in varying extent across sectors: 


e Problem Solving - The use of digital tools to analyse and solve problems 


e Digital Collaboration and Communication - Using digital tools to communicate 
and share information with stakeholders 


e Transacting Digitally - Using digital tools to set up accounts and pay for 
goods/services 


e Digital Security — Identify threats and keep digital tools safe 


e Handling Data Safely and Securely — Follow correct procedures when handling 
personal and organisational data 


Opportunities to develop these digital skills are identified where they are relevant and 
appropriate to a sector, meaning that: 


e Where they naturally occur 
e Where embedding adds no assessment burden 
e Where embedding will enhance a student's skills and knowledge in the sector. 


Appendix 3 shows a mapping of the teaching and learning content to the five categories 
of the framework to show where opportunities to develop these digital skills exist in this 
qualification. 


Sustainability skills 


To help students develop sustainability skills, practices and mindset, we have designed 
content in this qualification aligned to the UNESCO Sustainable Develooment Goals 
(17 SDGs), that are relevant and appropriate to the sector. The SDGs are the most 
common point of reference for content that addresses sustainability and provides a 
useful and pragmatic way of organising this content. 


Sustainability knowledge and understanding may be included in the teaching and learning 
content but not directly assessed. Additionally, it could be assessed - the approach 
chosen for each unit is based on the relevance of the sustainability skills, knowledge 

and understanding to the purpose and scope of the unit. 


Appendix 4 shows a mapping of the teaching and learning content to the relevant 
SDGs to show where sustainability concepts have been included in this qualification. 
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2 Qualification purpose 


Pearson Level 3 Alternative Academic Qualification BTEC National in 
Information Technology (Extended Certificate) 


In this section you will find information on the purpose of this qualification and how its 
design meets that purpose through the qualification objective and structure. We publish 
a full ‘Statement of Purpose’ for each qualification on our website. These statements are 
designed to guide you and potential students to make the most appropriate choice of 
qualification at recruitment. 


Who is this qualification for? 


The Pearson Level 3 Alternative Academic Qualification BTEC National in Information 
Technology (Extended Certificate) is an Alternative Academic Qualification (AAQ) designed 
for post-16 students with an interest in the Digital sector and aiming to progress to 
higher education as a route to graduate level employment. 


Equivalent to one A Level in size, it is suitable for students looking to develop their applied 
knowledge and skills in Information Technology as part of a study programme alongside 
A Levels. 


What will the student study as part of this qualification? 


The qualification has been developed in consultation with higher education 
representatives and sector experts to ensure students have the knowledge, 
understanding and skills they need to progress to, and thrive, in higher education. 


The qualification has four mandatory units covering the following topics: 


e Information Technology Systems - Information technology systems, including the 
relationship between software and hardware, and the issues related to IT systems 


e Cyber Security and Incident Management - Types of cyber security attacks, the 
vulnerabilities in networked systems and how to plan and respond to attacks 


e Website Development - The development tools, techniques and processes used in 
website development and how to test usability, functionality and fitness for purpose 


e Relational Database Development - Structure of data, data design and database 
management systems (DBMS). 
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What knowledge and skills will the student develop as part of this 
qualification and how might these be of use and value in further studies? 


Students will develop the following knowledge and skills: 


Knowledge of digital technologies and how organisations plan digital projects and 
follow a project lifecycle 


Understanding of organisation structures and processes and how to embed digital 
safety to keep data and assets secure 
Technical skills to: 


o design and build a website to meet user requirements using relevant tools and 
techniques, including testing for usability, functionality and fitness for purpose 

o follow a design methodology to create and develop a database design to meet 

user requirements, including testing the solution 

Transferable skills such as creativity and innovation, written communications, 

critical thinking and taking personal responsibility. 


Students will develop the ability to apply digital concepts to different sectors which 


is bene 


oa 


icial to the analytical approach included in many degrees. The ability to take 


personal responsibility and written communication skills will develop students’ ability 
to manage their own work and independently create extended writing tasks which is 
a good foundation for academic success. 


Which subjects will complement this qualification? 


The following subjects would be suitable to combine with this qualification: 


Business 
Mathematics 
Psychology 
Art & Design 


What further learning will this qualification lead to? 


This qualification can lead to progression to the following degrees: 


BA Business Studies 
BSc Information Systems 


BSc Computer Science 
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3 Structure 


Qualification structure 


Pearson Level 3 Alternative Academic Qualification BTEC National in 
Information Technology (Extended Certificate) 


Students must complete 4 mandatory units. 


See Section 6 for rules on qualification awarding. 


Mandatory units - students complete and achieve all units 


Unit Unit title GLH | Type How 
number assessed 
Information Technology Systems 120 | Mandatory External 
2 Cyber Security and Incident 120 | Mandatory External 
Management 
3 Website Development 60 | Mandatory Internal 
4 Relational Database Development | 60 | Mandatory Internal 


External assessment 


66.6% of the total qualification GLH is made up of external assessment. A Summary 
is given below. See the unit content and sample assessment materials for more 
information. 


Unit Type Availability 

Unit 1: Information | An external examination set and January and 

Technology marked by Pearson May/June 

systems e 90 marks First assessment 
May/June 2026 

Unit 2: Cyber e An external examination set and January and 

Security and marked by Pearson May/June 

Incident e 90 marks First assessment 

Manabement May/June 2026 
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Synoptic assessment 


The assessment of synoptic knowledge requires students to apply learning from one unit 
to the assessment in another unit. Within the assessment for Unit 3: Website Development, 
students will be assessed on underpinning knowledge, ideas and concepts from Unit 7: 
Information Technology Systems. Synoptic links are flagged within the units. 


There might be some further naturally occurring synoptic opportunities across the 
qualification where students can synthesise their learning. These will be outlined in 
the Delivery Guide to help with planning for your teaching. 
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4 Units 


Understanding your units 


The units in this specification set out our expectations of assessment in a way that 
helps you to prepare your students for assessment. The units help you to undertake 
assessment and quality assurance effectively. 


Each unit in the specification is set out in a similar way. There are two types of unit 
format: 


e Internally assessed units 
e Externally assessed units. 


This section explains how the units work. It is important that all teachers, assessors, 
internal verifiers and other staff responsible for the programme review this section. 


Internally assessed units 


Section | Explanation 
Unit number The number is in a sequence in the sector. Numbers may not be 
sequential for an individual qualification. 
Unit title This is the formal title that we always use and it appears on 
certificates. 
Unit level All units are Level 3 on the national framework. 
Unit type This confirms that the unit is internally assessed. See structure 


information in Section 3 for full details. 


GLH Units may have a Guided Learning Hours (GLH) value of 120, 

90 or 60. This indicates the numbers of hours of teaching, directed 
activity and assessment expected. It also shows the weighting of 
the unit in the final qualification grade. 


Unit in brief A brief formal statement on the content of the unit that is helpful 
in understanding its role in the qualification. You can use this in 
Summary documents, brochures etc. 


Unit This is designed with students in mind. It indicates why the unit is 
introduction important, how learning is structured and how learning might be 
applied when progressing to employment or higher education. 


Learning aims These help to define the scope, style and depth of learning of the 
unit. You can see where students should be learning standard 
requirements (‘understand’) or where they should be actively 
researching (‘investigate’). You can find out more about the verbs 
we use in learning aims in Appendix 7. 
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Section Explanation 


Transferable 
skills 


Summary of This helps teachers to see the main content areas against the 

unit learning aims and the structure of the assessment at a glance. 

Content This sets out the required teaching content of the unit. Content is 
compulsory except where shown as ‘e.g.’. Students should be asked 
to complete summative assessment only after the teaching content 
for the unit or learning aim(s) has been covered. 

Assessment Each learning aim has Pass and Merit criteria. Each assignment has 

criteria at least one Distinction criterion. A full glossary of terms used is 


given in Appendix 7. 


Distinction criteria represent outstanding performance in the unit. 
Some criteria require students to draw together learning from 
across the learning aims. 


This summarises the transferable skills present within this unit. 
The key helps to identify whether they are signposted but require 
additional assessment, embedded and achieved on completion or 
not present in this unit. 


Essential 
information for 
Pearson Set 


This shows a brief summary of the activities required for the 
mandatory Pearson Set Assignment Brief. Centres must download 
and use the mandatory PSAB without alteration or 


information for 
teachers and 
assessors 


Resource 
requirements 


Essential 
information for 
assessment 
decisions 


Assignment contextualisation. 
Brief (PSAB) 
Further This gives you information to support the implementation of 


assessment. It is important that this is used carefully alongside the 
assessment criteria and PSAB. 


Any specific resource requirements that you need to be able to 
teach and assess are listed in this section. For more information 
on support resources, see the Pearson BTEC Level 3 National 
Administrative Guide. 


This information gives guidance for each learning aim or 
assignment of the expectations for Pass, Merit and Distinction 
standard. This section contains examples and essential clarification. 


Links to other 
units 


This shows you the main relationship between units. This can help 
you to structure your programme and make best use of materials 
and resources. 
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Externally assessed units 


Unit number 


Section Explanation 


The number is in a sequence in the sector. Numbers may not be 
sequential for an individual qualification. 


introduction 


Unit title This is the formal title that we always use and it appears on 
certificates. 

Unit level All units are Level 3 on the national framework. 

Unit type This confirms that the unit is externally assessed. See structure 
information in Section 3 for full details. 

GLH Units may have a Guided Learning Hours (GLH) value of 120, 

90 or 60. This indicates the numbers of hours of teaching, directed 
activity and assessment expected. It also shows the weighting of 
the unit in the final qualification grade. 

Unit in brief A brief formal statement on the content of the unit that is helpful 
in understanding its role in the qualification. You can use this in 
summary documents, brochures etc. 

Unit This is designed with students in mind. It indicates why the unit is 


important, how learning is structured and how learning might be 
applied when progressing to employment or higher education. 


Summary of This sets out the type of external assessment used and the way in 

assessment which it is used to assess achievement. 

Assessment These show the hierarchy of knowledge, understanding, skills and 

outcomes behaviours that are assessed. Includes information on how this 
hierarchy relates to command terms in sample assessment 
materials (SAMs). 

Content For external units all content is obligatory. The depth of content 


is indicated in the assessment outcomes and sample assessment 
materials (SAMs). The content will be sampled through the external 
assessment over time, using the variety of questions shown. 


Transferable 
skills 


This summarises the transferable skills present within this unit. 
The key helps to identify whether they are signposted but require 
additional assessment, embedded and achieved on completion or 
not present in this unit. 


Key terms These definitions will help you analyse requirements and prepare 
typically used in | students for assessment. 
assessment 
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Section Explanation 


Resources Any specific resource requirements that you need to be able to 
teach and assess are listed in this section. For more information 
on support resources, see the Pearson BTEC Level 3 National 
Administrative Guide. 


Links to other This shows you the main relationship between units. This can help 
units you to structure your programme and make best use of materials 
and resources. 
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Index of units 


Unit 1: Information Technology Systems 
Unit 2: Cyber Security and Incident Management 


Unit 3: Website Development 


Unit 4: Relational Database Development 
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UNIT 1: INFORMATION TECHNOLOGY SYSTEMS 


Unit 1: Information Technology Systems 


Level: 3 
Unit type: External 


Guided learning hours: 120 


Unit in brief 


Students will study the role of Information Technology (IT) systems and the implications 
of their use in personal and professional situations. Students will gain knowledge and 
understanding of issues relating to the use of IT in personal and professional situations. 


Unit introduction 


IT systems have a significant role in the world around us and play a part in almost 
everything we do. Having sound knowledge and understanding of how to effectively 
select and use appropriate IT systems will benefit you personally and professionally. 


You will explore the relationships between the hardware and software that form an IT 
system, how systems work individually and together, and the relationship between the 
user and the system. You will examine issues related to the use of IT systems and the 

impact that they have on organisations and individuals. 


This unit will give you a fundamental understanding of all areas of IT, Supporting your 
progression to an IT-related higher education course. 


Summary of assessment 
The unit will be assessed through one examination of 90 marks lasting 2 hours. 


Students will be assessed through a number of short- and long-answer questions. 
The questions will assess knowledge and understanding of IT systems and the 
implications of their use in personal and professional situations. 


The assessment availability is twice a year in January and May/June. The first assessment 
availability is May/June 2026. 


Sample assessment materials will be available to help centres prepare students for 
assessment. 
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Assessment outcomes 

AO1 Demonstrate knowledge and understanding of information technology systems, 
terminology, concepts and processes. 

AO2 Apply knowledge and understanding of information technology systems, 
terminology, concepts and processes. 

AO3 Analyse and evaluate the factors and implications of information technology 
systems. 


[SP-CT] 
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Content 


The essential content is set out under content areas. Students must cover all specified 
content before the assessment. 


A: Explore the concepts and implications of the use of, and relationships 
among devices that form IT systems 


A1 Functions and use of digital devices, and the notation used to represent the 
design of IT systems 


Students should apply their knowledge and understanding of the features and uses of 
digital devices in IT systems to meet the needs of individuals and organisations. Students 
should apply their knowledge of notation used in designing IT systems and flowcharts. 
This knowledge is essential for the effective use of technology in both personal and 
professional settings. 


A1.1 Features of digital devices that form part or all of IT systems: 
A1.1.1. personal computers 
A1.1.2 multifunctional devices 
A1.1.3. mobile devices 
A1.1.4 servers 
e file 
e application 
e web 
A1.1.5 entertainment systems 
A1.1.6 digital cameras 
e still 
e video 
A1.1.7 navigation systems 
A1.1.8 communication devices and systems 
A1.1.9 embedded systems 
e Sensors 
e Internet of Things (loT). 
A1.2. Function and use of the above digital devices for: 
A1.2.1 personal 
A1.2.2 education and training 
A1.2.3 social 
A1.2.4 retail 


A1.2.5 manufacturing 
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A1.3 


A1.2.6 healthcare 

A1.2.7 creative tasks 

A1.2.8 automation and robotics. 

Forms of notation used to design IT systems: 
A1.3.1 system diagrams 

A1.3.2 flowcharts. 


A2 Peripheral devices and media 


Students should apply their knowledge and understanding of the features and uses 
of peripheral devices and media in IT systems to meet the needs of individuals and 
organisations. 


A2.1 


A2.2 


A2.3 


A2.4 
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Features and uses of peripheral devices used with other digital devices to form 
part of an IT system: 


A2.1.1 input devices 

A2.1.2 output devices 

A2.1.3 storage devices. 
Assistive technologies 

A2.2.1 adaptive keyboards 
A2.2.2 screen readers 

A2.2.3 braille displays 

A2.2.4 screen magnifiers 
A2.2.5 head pointers 

A2.2.6 single switch entry devices 
A2.2.7 foot switches 

A2.2.8  sip-and-puff switches 
A2.2.9 eye-tracking software 
A2.2.10 text-to-speech software. 


Characteristics and implications of storage media used to form part of an 
IT system. 


A2.3.1 capacity 
A2.3.2 cost 
A2.3.3 speed 
A2.3.4 compatibility 
Data processing. 
A2.4.1| manual 
A2.4.2 automatic 
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A3 Computer software in an IT system 


Students should know and understand the concepts, implications and impact on 
individuals and organisations of the use of, and relationships between hardware and 
software. 


A3.1 Types of operating systems: 
A3.1.1 batch 
A3.1.2 distributed 
A3.1.3 multitasking 
A3.1.4 network OS 
A3.1.5 real-time OS 
A3.1.6 mobile OS 
A3.1.7 single use 
A3.1.8 multi-user 
A3.2 Role of the operating system in managing: 
A3.2.1 networking 
A3.2.2 security 
A3.2.3. memory management 
A3.2.4 multi-tasking 
A3.2.5 device drivers 
A3.2.6 user accounts. 
A3.3 Types, uses and features of software: 
A3.3.1 utility 
A3.3.2 application. 


A3.4 Factors impacting the choice and use of operating system and application 
software. 


A3.4.1 cost 

A3.4.2 security 

A3.4.3 hardware and software compatibility 
A3.4.4 features 

A3.4.5 business and/or user needs 


A3.4.6 performance. 
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A3.5 Types of user interface and factors affecting the choice of user interface: 
A3.5.1 command line 
A3.5.2) menu-driven 
A3.5.3 graphical user 
A3.5.4 touchscreen graphical user. 
A3.6 Principles and implications of open source and proprietary software: 
A3.6.1 operating systems 
A3.6.2 application software. 
A3.7 Features of common file types and formats used for: 
A3.7.1 images 
A3.7.2 audio 
A3.7.3 videos 
A3.7.4 application software. 
A4 Choosing IT systems 


Students should know and understand how the features of an IT system can affect its 
performance and the factors impacting on the choice. 


A4.1 Factors affecting the choice of IT systems: 
A4.1.1 user needs 
A4.1.2 specifications 
A4.1.3 compatibility 
A4.1.4 connectivity 
A4.1.5 cost 
A4.1.6 efficiency 
A4.1.7 implementation 
e timescales 
e testing 
e migration to new system(s) 
e downtime 
A4.1.8 productivity 
A4.1.9 security. 
A4.2 Features and implications of IT systems used by organisations for: 
A4.2.1 stock control 
A4.2.2 data logging 
A4.2.3 data analysis 
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A4.2.4 general office tasks 
A4.2.5 creative tasks 
A4.2.6 advertising 
A4.2.7) manufacturing 
A4.2.8 security 
A4.2.9 automation. 
A4.3 Impact and implications for organisations of IT systems in terms of: 
A4.3.1 user experience 
e ease of use 
e performance 
e availability 
e accessibility 
A4.3.2. employee and customer needs 
A4.3.3 cost 
A4.3.4 implementation 
e timescales 
e testing 
e migration to new system(s) 
e downtime 
A4.3.5 replacement or integration with current systems 
A4.3.6 productivity 
A4.3.7 working practices 
A4.3.8 staff training needs 
e Initial 
e ongoing 
A4.3.9 user support 
A4.3.10 security. 
A5 Emerging technologies 


Students should understand how emerging technologies can be used by individuals 
and organisations. 


A5.1 The concepts and implications of how emerging technologies affect the 
performance of IT systems. 


A5.2 Implications of emerging technologies on the personal use of IT systems. 


A5.3 Implications of emerging technologies on the use of IT systems in organisations. 
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B: Transmitting data 

The essential content topics require understanding of the concepts, processes and 
implications of transmitting data within and between IT systems. 

B1 Connectivity 


B1.1 Wireless and wired methods of connecting devices and transmitting data within 
and between IT systems. 


B1.1.1 Bluetooth 
B1.1.2 USB 
B1.1.3 Wi-Fi 
B1.1.4 Ethernet 


B1.2 How the features of connection types can meet the needs of individuals and 
organisations. 


B1.3 Implications of selecting and using different connection types. 
B1.4 Impact of connection types on the performance of an IT system. 
B2 Networks 


Students should know the concepts and implications for individuals and organisations of 
connecting devices to and from a network. 


B2.1 Network topologies: 
B2.1.1 star 
B2.1.2 ring 
B2.1.3 bus. 
B2.2 Types of networks: 
B2.2.1_ Personal Area Network (PAN) 
B2.2.2 Local Area Network (LAN) 
B2.2.3. Wide Area Network (WAN) 
B2.2.4 Virtual Private Network (VPN). 
B2.3 Factors affecting the choice of network: 
B2.3.1 user needs 
B2.3.2 specifications 
B2.3.3 connectivity 
B2.3.4 cost 
B2.3.5 efficiency 
B2.3.6 compatibility 
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B2.3.7 implementation 
e timescales 
e testing 
e downtime 
B2.3.8 productivity 
B2.3.9 security. 


B2.4 How the features of a network and its component parts affect the performance of 
an IT system. 


B3 Issues relating to transmission of data 


Students should know and understand how the features and processes of data 
transmission affect the use and performance of IT systems. 


B3.1 Protocols used to govern and control data transmission for common tasks: 
B3.1.1 email 
e SMTP 
e POP 
e IMAP 
B3.1.2 voice and video call over the internet 
B3.1.3 web pages 
e HTTP 
e HTTPS 
B3.1.4 secure payment systems 


B3.2 Security issues and considerations when transmitting data over different 
connection types and networks. 


B3.3 Factors affecting and implications of bandwidth and latency. 
B3.4 Features and implications of common file types and formats used for: 
B3.4.1 images 
B3.4.2 audio 
B3.4.3 videos 
B3.4.4 application software 
B3.5 Factors affecting the choice of compression types: 
B3.5.1 lossy 
B3.5.2 lossless. 


B3.6 Use and implications of codecs when using and transmitting audio and video in 
digital format. 
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C: Operating online 

The essential content topics require understanding of the implications for individuals and 
organisations of using online IT systems. 

C1 Online systems 


Students should know and understand the features, impact and implications of the use of 
online IT systems to store data and perform tasks. 


C1.1 Cloud computing models 
C1.1.1 private cloud 
C1.1.2 public cloud 
C1.1.3 hybrid cloud 
C1.1.4 Infrastructure as a Service (laaS) 
C1.1.5 Software as a Service (SaaS) 
C1.1.6 Platform as a Service (PaaS) 
C1.2 Impact and implications of using cloud computing for individuals and organisations. 
C1.3 Systems that enable and support remote working: 
C1.3.1. VPNs 
C1.3.2 remote desktop technologies. 
C1.4 The way factors affect the use and selection of online systems: 
C1.4.1 security 
C1.4.2 cost 
C1.4.3 ease of use 
C1.4.4 features 
C1.4.5 connectivity 
C1.4.6 scalability. 
C2 Online communities 


Students should know and understand the features of online communities and the 
implications of their widespread use for individuals and organisations. 


C2.1 Ways of communicating and interacting with online communities: 
C2.1.1 social media 
C2.1.2 blog/viog 
C2.1.3 wiki 
C2.1.4 chatrooms 
C2.1.5 instant messaging 
C2.1.6 podcasts 
C2.1.7 forums. 
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C2.2 Considerations for individuals and organisations of using and accessing online 

communities: 
C2.2.1 user experience 

e ease of use 

e performance 

e availability 

e accessibility 
C2.2.2 meeting user needs 
C2.2.3 cost 
C2.2.4 privacy 
C2.2.5 security 
C2.2.6 downtime 
C2.2.7_ training 
C2.2.8 integration with current systems 
C2.2.9 productivity 


C2.2.10 working practices and company policies. 


D: Protecting data and information 

The essential content topics require understanding of the issues and implications of 
storing and transmitting information in digital form. 

D1 Threats to data, information, and systems 


Students should know and understand the types of accidental and malicious threats to 
the security and integration of data, held in and used by IT systems. 


D1.1 Types of external threats to data: 
D1.1.1 viruses and other malware 
D1.1.2 Unauthorised access - hackers 
D1.1.3 accidental damage 
D1.1.4 social engineering. 
D1.1.5 natural disasters 

D1.2 Types of internal threats to data: 
D1.2.1 access to inappropriate websites 
D1.2.2 accidental disclosure of data 
D1.2.3  stealing/leaking information 


D1.2.4 use of portable devices. 
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D1.3 Impact on individuals and organisations from threats to data, information and 
systems: 
D1.3.1 loss of data 
D1.3.2 financial loss due to legal action 
D1.3.3 loss of customers due to public image. 
D2 Protecting data 


Students should know the uses and implications of systems and procedures used to 
protect the data of individuals and organisations. 


D2.1 Techniques used to protect data and systems: 

D2.1.1 file permissions 

D2.1.2 access levels 

D2.1.3 backup and recovery procedures 

D2.1.4 passwords/multi-factor authentication 

D2.1.5 biometrics 

D2.1.6 physical access control 

D2.1.7 digital certificates. 
D2.2 Features and functions of using antivirus software to protect data. 
D2.3 Features and functions of using firewalls to protect data. 
D2.4 Features and functions of encryption methods to protect: 

D2.4.1 stored data 

D2.4.2 data during transmission 

D2.4.3 data in secure websites (HTTPS). 


E: Impact of using IT systems 

The essential content topics require understanding of the uses, issues and implications of 
IT systems and their impact on individuals and organisations. 

E1 Online services 


Understand how the features of online services are used to meet the needs of individuals 
and organisations. 


E1.1 Features and implications of using online services to support: 
E1.1.1_ retail 
E1.1.2 financial services 
E1.1.3 education and training 


E1.1.4 news and information 
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E1.1.5 entertainment and leisure 
E1.1.6 booking systems. 
E1.2 Uses, impact and implications for individuals and organisations of: 
E1.2.1 transactional data 
E1.2.2 targeted marketing 
E1.2.3. collaborative working 
E1.2.4 remote working. 
E2 Using and manipulating data 


Understand the uses, processes and implications for individuals and organisations of 
accessing and using data and information in digital form. 


E2.1 Sources of data: 
E2.1.1 primary 
E2.1.2 secondary. 
E2.2 Methods of ensuring reliability of information. 
E2.3 Methods of collecting data and opinions: 
E2.3.1 survey 
E2.3.2 questionnaire 
E2.3.3 focus groups 
E2.3.4 interview. 
E2.4 Reasons for ensuring data accuracy. 
E2.5 Methods of ensuring data accuracy: 
E2.5.1_ verification 
E2.5.2 validation. 


E2.6 Characteristics and considerations of user interfaces for data collection and 
processing systems: 


E2.6.1 ease of use 
E2.6.2 accessibility 
E2.6.3 error reduction 
E2.6.4 functionality 
E2.6.5 performance 
E2.6.6 compatibility. 
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F: Issues 
The essential content topics require understanding of the concepts, impacts, and 


implications of moral, ethical and legal issues relating to the use of IT systems. 


F1 Moral and ethical issues 


Understand the moral and ethical factors and implications of using information 
technology for individuals and organisations. 


F1.1 Moral and ethical factors and implications of the use of information technology: 
F1.1.1 privacy 
F1.1.2 environmental impact 
F1.1.3. unequal access to information technology 
F1.1.4 access to assistive technology 
F1.1.4 online behaviour and netiquette 
F1.1.5 acceptable use policies. 


F2 Legal issues 


Understand the legal issues relating to the use of IT systems, and the implications for 
individuals and organisations. 


F2.1 Role and impact of current legislation in protecting IT systems, users and their data 
from attack and misuse: 


F2.1.1 computer misuse legislation 

F2.1.2 copyright, designs and patents legislation 

F2.1.3. copyright regulations (Computer programs) 

F2.1.4 health and safety and display screen equipment regulations 
F2.1.5 data protection legislation 
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Skills 
MY - TPR EL- MOL IS -WC SP - CT * 
MY —- PS&R EL-CL IS -V&NC SP-PS 
MY - COP EL-SRS IS-T SP - C&l 
MY - PGS EL-PRS IS - C&S] 
Table key 
= Signposted to indicate opportunities for development as part of wider 
teaching and learning. 
v Embedded in teaching, learning and assessment 
blank TS not embedded or signposted in unit 
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Key terms typically used in assessment 


The following table shows the key terms that will be used consistently by Pearson in our 
assessments to ensure students are rewarded for demonstrating the necessary skills. 


Please note: the list below will not necessarily be used in every paper/session and is 
provided for guidance only. 


Describe Students provide an account of something 
or highlight several key features of a given 
topic. May also be used in relation to the 
stages of a process. 


Discuss Students consider the different aspects in 
detail of an issue, situation, problem or 
argument and how they interrelate. 


Draw Students represent understanding using a 
diagram or flowchart. 


Explain Students identify a point and give a linked 
justification/exemplification of that point. 


The answer must contain some linked 
reasoning. 


Evaluate Students consider various aspects of a 
subject's qualities in relation to its context 
such as: strengths or weaknesses, 
advantages or disadvantages. They come 
to a judgement supported by evidence 
which will often be in the form of a 


conclusion. 
Identify Students select some key information 
from a given stimulus/resource. 
State, name, give Students recall one or more pieces of 
information 
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Unit 2: Cyber Security and Incident Management 


Level: 3 
Unit type: External 


Guided learning hours: 120 


Unit in brief 


Students will study cyber security threats and vulnerabilities, the methods used to protect 
organisations against threats and managing security incidents. 


Unit introduction 


Our increasing reliance on computer systems and the data they contain makes us 
vulnerable to attacks from cyber criminals and to the loss of these systems if there 

is an accident or a natural disaster. As Information Technology (IT) system security is 
improved, more sophisticated methods of attack are developed, and it is important 

that organisations have robust plans in place to deal with a cyber security incident before 
it occurs. All IT professionals require a good understanding of the current threats to 
systems, how to apply appropriate and effective protection methods and how to manage 
a cyber security incident. 


In this unit, you will examine the many types of cyber security attacks, the vulnerabilities 
in networked systems and the techniques that can be used to defend an organisation's 
networked systems. You will examine scenarios and explain appropriate protection 
measures for networked systems. You will also look at the forensic methods used to 
investigate cyber security incidents and analyse the suitability of those methods for a 
given scenario. 


As IT systems evolve, there is an increasing need for IT professionals to protect 
networked systems and the information they contain, while providing enhanced features 
and benefits for organisations, customers and individuals. This unit will help prepare you 
for IT courses in higher education. 
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Summary of assessment 


The unit will be assessed through one examination of 90 marks lasting 2 hours 
15 minutes. 


Students will be assessed through a number of short- and long-answer questions. 
Students will need to explore and relate to contexts and data presented. The questions 
will assess Understanding of cyber security threats, the methods used to counter them 
and the forensics used to investigate an attack. 


The assessment availability is twice a year in January and May/June. The first assessment 
availability is May/June 2026. 


Sample assessment materials will be available to help centres prepare students for 
assessment. 
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Assessment outcomes 


AO1 Demonstrate knowledge and understanding of cyber security terms, 
security threats, system vulnerabilities and security protection methods, 
forensic procedures and implications resulting from threats. 


AO2 Apply knowledge and understanding to security threats, system vulnerabilities 
and security protection methods, forensic procedures and implications by 
selecting appropriate security tools and methods. 


AO3 Analyse and evaluate security threats, system vulnerabilities and security 
protection methods, forensic procedures and implications for cyber security 
scenarios, 


[SP-CT] 


Pearson Level 3 Alternative Academic Qualification BTEC National in Information Technology 37 
(Extended Certificate) - Specification - Issue 1 - July 2024 © Pearson Education Limited 2024 


UNIT 2: CYBER SECURITY AND INCIDENT MANAGEMENT 


Content 


The essential content is set out under content areas. Students must cover all specified 
content before the assessment. All topics require students to apply knowledge, analyse 


and evaluate. 


A: Cyber security threats, system vulnerabilities and security protection 
methods 


A1 Cyber security threats 


Students should apply their knowledge and understanding of the function and impact of 
internal and external threats. 


A1.1 
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Internal threats: 


A1.1.1 employee sabotage, deliberate and accidental 


A1.1.2 


A1.1.3 


theft or loss of 

o physical equipment 

o data 

o software/licences 

use of unauthorised software 

o license and legal liability issues 

o compatibility issues 

o interference with running of the network/other software 
o used for spying. harassment, illegal activities 


o used to avoid/interfere with monitoring, auditing, 
user/device supervision 


accidental or deliberate damage 


fire 

flood 
power loss 
terrorism 


other disasters 


weak cyber security measures and unsafe practices 


security of computer equipment and storage devices 
security vetting of visitors 


visiting untrustworthy websites 
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A1.1.4 accidental loss or disclosure of data/credentials 
e human factors 
o negligence 
o poor training 
o not following security procedures 
e inadequate monitoring and reporting 
e weak security culture 
A1.2. Function of external threats: 
A1.2.1 malicious software (malware) 
e viruses 
o boot sector 
o web script 
o macro 
o worm 
o rootkit 
o trojan 
o browser hijack 
o polymorphic 
e spyware 
o keylogger/data thief 
o system monitor 
o mobile device tracker/stalkerware 
o web beacons and tracking cookies 
e adware 
o potentially unwanted program (PUP) 
o legitimate adware 
o abusive or deceptive adware, legal and illegal 
e ransomware 
o encryptors 
o lockers 
o scareware 
o leakware/doxware 


e bots 
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A1.2.2 hacking - commercial, government, individuals 


Denial of Service (DoS) and Distributed Denial of Service (DDoS) 
browser hijack 

cyberwarfare 

data theft 

data tampering 

o back end - databases and other data stores 


o front end - web pages and other public facing displays 


A1.2.3 sabotage - commercial, government, individuals, terrorism 


data poisoning 

data tampering 

data destruction 

fakes 

o images, video, audio, documents 
o using manual/traditional software methods 
o using Artificial Intelligence (Al) 
damage to/hijacking of 

o machinery 

o vehicles 

o internet connected devices 

o industrial processes 


o critical infrastructure - commercial and national 


A1.2.4  social-engineering techniques used to obtain secure information 
by deception. 


phishing, vishing, smishing 
whaling, spear phishing 
Domain Name System (DNS) spoofing 


pretexting/impersonation 


A1.2.5 physical security 


unauthorised access to secure areas 
0 tailgating 

o forced entry 

o impersonation 

o coercion 
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e unauthorised access to devices 


O 


O 


O 


[e) 


12) 


unattended devices 
shoulder surfing 
theft of device 

lost devices 


devices/interfaces installed in public areas 


A1.3 Impact of a credible threat, likely to result in some form of loss: 


A1.3.1 operational loss 


e manufacturing output 


e service availability 


e data availability 


A1.3.2_ financial loss 


e organisational 


[e) 


12) 


Oo 


cash flow problems 
loss of profits 


increased insurance costs 


e compensation 


O 


O 


Oo 


refunds to customers 
payments for compromising customer data/personal information 
costs of remedial actions such as credit score/identity protection 


payment for contractual default/inability to provide contracted 
service/goods 


discounts/write-offs to retain/regain customers 


e legal liability 


Oo 


12) 


fines 
penalty payments 
costs of statutory requirements in investigations 


legal fees 
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A1.3.3 reputational loss 
e loss of trust 
e poor customer reviews 
o onsocial media 
o onreview websites 
o on organisation's own website 
e reduced scores on reputation metrics/web sites 
A1.3.4_ intellectual property loss 
e new product design 
e testing and development data 
e organisational strategy 
e trade secrets 


A1.4 Cyber security threats vary over time and cyber security organisations provide 
regular updates on the current and changing threat landscape. 


A1.4.1 National Cyber Security Centre (NCSC) UK 
e latest threat reports and malware analysis 
e news (reports and advisories on recent activity) 

A1.4.2 National Institute of Standards and Technology (NIST) USA 
e news (reports and advisories on recent activity) 

A1.4.3, Open Web Application Security Project (OWASP) 
e OWASP Top 10 

A2 System vulnerabilities 


Students should apply their knowledge and understanding of the different types 
of systems and their vulnerabilities, tools to assess the vulnerabilities and the risk 
management measures. 


A2.1 Vulnerabilities of different types of computer and/or systems and the different 
threats they are exposed to. 


A2.1.1. network 
e firewall ports 


o types 


- assigned/well known, such as port 80 for Hypertext Transfer 
Protocol (HTTP) 


- registered, used by operating systems, internet services 
and specific pieces of software 


- dynamic/private, used for private/customised services, 
temporary needs 
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o vulnerabilities 


- open ports 
- spoofing 
- Denial of Service (DoS) 


e external storage devices 


1e) 


12) 


O 


O 


O 


universal serial bus (USB)/flash drive 
SD card 

external hard drive 

solid state device (SSD) 


optical disk and magnetic tape, in the context of backup systems 


A2.1.2 organisational 


e permissions or privileges 


O 


Oo 


O 


read, write, execute, modify/change 
user, administrator, system, group 


on files, folders/directories, devices, data structures, services 


e password policy 


Oo 


oO 


O 


O 


minimum and maximum length 
character restrictions 

frequency of password reuse 

disallow personal names, birthdays etc. 
specify a minimum password age 


prevent password sharing/multiple logon with same password 


e password management 


o password managers 
- onan individual device 
- synchronised between devices 
- cloud based 
- to generate passwords 
o lockout of inactive accounts 
o effective new user/leaving user process 
o auto-filling of forms/screens by 
- browser 
- dedicated software 
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A2.1.3 software 
e from an untrustworthy source 
e software downloads 
o requirement for 
trusted source 
- Hypertext Transfer Protocol Secure (HTTPS) or lock symbol 


- malware scan, pre-install 
hash check 


o malicious/deceptive installers 


e illegal copies 
o lack of security Ssupport/updates 
o backdoors 
o containing malware 
e zero-day exploits 
o new threats 
o window of exploitation before fix/patch applied 
e data storage and processing software 
o SQL injection 
o poor/no protection on internet-facing data systems 
o design/security flaws in web interfaces 
e missing patches/updates 


A2.1.4 operating system, Graphical User Interface (GUI) and Command Line 
Interface (CLI) 


e unsupported/out of support versions 
e missing patches/updates 
e missing/incorrect security settings 


A2.1.5 mobile devices reliant on Original Equipment Manufacturers (OEMs) 
to update system software 


A2.1.6 physical 
o theft of equipment/devices containing sensitive data 
o mobile device 
o data storage device 


e poor/missing security for restricted areas 
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A2.1.7_ process of how people use the system 
e leaks, intentional and accidental 
e sharing security details 
e flawed security processes 


A2.1.8 security implications of cloud computing and of the Internet of Things (loT) 
devices 


e Cloud computing 


o missing/incorrect/default security settings 


Oo 


third party/cloud provider access 
o reliant on third party security 


o data movement outside of the organisation’s network/over the 
internet, risk of interception/theft/tampering 


e lol 
o weak/no encryption on loT devices/transmissions 
o default passwords 
o lack of patches and updates 
o deployment by non-IT staff 
o flawed/insecure control interfaces 
o poor/no compatibility with network security systems 
o eavesdropping/smart devices always listening/sending voice data 


A2.2 Where to find up-to-date sources of information on specific known hardware and 
software vulnerabilities. 


A2.2.1 manufacturer's website 
A2.2.2 forum/technical help website for IT professionals/cyber security specialists 
A2.2.3 third party websites specialising in specific hardware or software 
A2.3 Attack vectors 
A2.3.1 Wireless 
e Wi-Fi, IEEE 802.11 family of standards 
e Bluetooth 
e Cellular 
e satellite link 
e Infra Red (IR) 
e Near-field communication (NFC) 


e Radio-frequency identification (RFID) 
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A2.3.2 internet connection 
e types 
o copper cable 
o optical fibre 
o Wi-Fi 
o cellular/5G 
e connection devices 
o modem/router-modem, cable and optical fibre 
o wireless router 
o cellular device/5G router 
A2.3.3 internal network access devices 
e router 
e switch 
e wireless access point 


A2.4 Types and uses of tools and methods to assess the vulnerabilities in computer 
systems 


A2.4.1 port scanner 

A2.4.2 network mapper/system discovery 

A2.4.3 registry checker 

A2.4.4 website vulnerability scanner 

A2.4.5 vulnerability detection and management software 
A2.4.6 assessing user vulnerabilities 


A2.5 Use of independent third-party review of a system and network designs before 
implementation 


A2.5.1 establishing due diligence 
A2.5.2 third party certification 


A2.6 Applications and features of penetration testing for common threats, those in the 
Open Web Application Security Project (OWASP) top 10. 


A2.6.1 uses range of techniques to find weak spots 
A2.6.2 checks against lists of known vulnerabilities 
A2.6.3 produce reports, in appropriate formats 
A2.7 Passive risk management measures: 
A2.7.1__ risk transfer to a third party (commissioning a service provider) 
A2.7.2__ risk avoidance by stopping an activity 
A2.7.3 risk acceptance 
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A3 Legal responsibilities 


Students should know the responsibilities in relation to current legal legislation. 


A3.1 Current legislation 


A3.1.1 General Data Protection Regulation (GDPR) (requirements for protection 
of data, privacy rights) 


A3.1.2| Computer Misuse Act 1990 (protects personal data held by organisations 
from unauthorised access and modification). 


A3.2 Areas the legislation applies to 


A3.2.1 protection of data, in storage and when transferred 


A3.2.2 privacy, personally identifying information (PIl) 


A3.2.3 unauthorised access to computers/devices 


A3.2.4 Unauthorised access to and modification of data 


A3.3 Legal responsibilities legislation 
A3.3.1 General Data Protection Regulation (GDPR) 


e principles 


12) 


O 


O 


O 


12) 


12) 


Oo 


lawfulness 

fairness and transparency 

limited to stated purpose(es) 
accuracy 

keep minimum amount of data 
store for minimum amount of time 


maintain confidentiality and integrity 


e legal reasons for data processing 


O 


O 


(2) 


O 


[e) 


oO 


consent 

contractual obligation 
legitimate interest 
vital interest 

legal requirement 


public interest 


e personal rights, people have the right to: 


12) 


12) 


[e) 


O 


access their own personal data 
be informed about how and why their data is used 
have their data corrected, removed or restricted 


object to the data being used 
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o portability (have data supplied in a machine readable format) 


o not to be subject to a decision based solely on automated 
processing. 


e Computer Misuse Act 


o responsibilities of organisations — exercise due care to comply with 
its security obligations under GDPR 


A4 Software and hardware security measures 


Students should apply their knowledge and understanding of the use and effectiveness 
of security measures for software and hardware, use of encryption and precautions to 
protect wireless local area network (WLAN) 


A4.1 Software and hardware 
A4.1.1 physical security measures 
e site security locks 
o mechanical 
o electronic 
o network connected 
e card entry 
o Near-field Communication (NFC) 
o Radio-frequency Identification (RFID) 
o barcode, QR code 
o magnetic stripe 
o embedded microprocessor/chip 
e biometrics 
o fingerprint 
0 iris/retina/eye pattern 
o facial recognition 
o voice recognition 
o handwriting/signature/pattern, etc. - on touchscreen/pad 
e Closed-Circuit Television (CCTV) 
e security staff 
e alarms - on buildings/restricted areas and on devices 
e protected cabling and cabinets 


e staff training 
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A4.1.2 data storage, data protection and backup, and recovery procedures 
e backup types 
o full 
o differential 
o incremental 
e backup strategies 
o onsite, offsite, cloud 
o automated, manual 
o hot site, warm site 
e redundant array of independent disks (RAID) vs backup 
e archiving vs backup 
e data resilience 
e recovery types 
o file/data restore 
o image restore of; disc, device, system 
o full/bare-metal restore 
A4.1.3 antivirus software and detection techniques 
e virus signatures, scanning 


e heuristics techniques used to identify potentially suspicious file content 
or behaviour 


e file integrity check, checksum 
e techniques for dealing with identified threats 
o warning 
o logging 
o prevent execution 
o quarantine 
o deletion 
A4.1.4 software and hardware firewalls and the filtering techniques they use 
e packet filtering and inspection 
e application layer awareness 
e inbound and outbound rules 


e network address 
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A4.1.5 user authentication 

e user login procedures 

e strong password, password policy compliance 

e biometric authentication 

e single factor and multi-factor authentication (MFA) 
o knowledge/things you know 
o possession/things you have 
o inherence/things you are 


o location factors such as IP address, MAC address, global positioning 
system (GPS) location 


o behaviour factors such as how a signature/pattern is made, how a 
keyboard is used 


e security tokens 


o connected such as a Universal Serial Bus (USB) key, or smartcard 
plus reader 


o contactless such as a Bluetooth enabled dongle 


o disconnected, a device that generates a code independently 
SUCH as: 


- asmartphone with a security app 
- adedicated device issued by a bank or credit card company 


e Kerberos network authentication for Windows® and Linux®-based 
operating systems 


e basic key exchange process 
o Client request 
o server response 
o authentication of server response 
o key exchange 

e certificate-based authentication 
o Transport Layer Security (TLS) 
o Secure Sockets Layer (SSL) 
o Client/device certificate 
o Public Key Infrastructure (PKI) 
o Certificate Authority (CA) 


o self-signed certificate 
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A4.1.6 access controls and the methods to restrict users’ access to resources 


e Discretionary Access Control (DAC), users have control of their own files 
and resources 


e Role-Based Access Control (RBAC), administrator sets rules groups of 
users based on their role in an organisation 


e Rule-Based Access Control (RBAC), administrator sets rules for 
individual users 


e resources 
o applications 
o folders 
o files 
o datasets 
o physical resources/devices 
A4.1.7 trusted computing 
e benefits, increased security 
e drawbacks, loss of user control/privacy/anonymity 
A4.1.8 Finding lost or stolen devices 
e device location technology 
o Global Positioning System (GPS) 
o phone home on connection 
o device tracking and location reporting software 
A4.1.9 Device based security 
e timed lockout of desktop/screen 
e desktop/screen lock after failed login attempts 
e memory wipe/factory reset after failed login attempts 
e remote access for lock/wipe/reset of lost/stolen device 
A4.2 Use of encryption 
A4.2.1 storage encryption 
e safe password storage 
e Digital Rights Management (DRM) 


e file, folder, disc, device encryption 
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A4.2.2 communications encryption 
e symmetric encryption 
o secret key 
o Advanced Encryption Standard (AES) 
e asymmetric encryption 
o public and private keys 
o Rivest-Shamir-Adleman (RSA) 
o Diffie-Hellman key exchange 
e integrated into smart, mobile and built-in/embedded devices 
e The Onion Router (TOR) 
e Virtual Private Networks (VPNs) 
e digital certificates and certificate authorities 
e Hypertext Transfer Protocol Secure (HTTPS) 
e public/private keys 
e End-to-End Encryption (E2EE) 
e secure message apps 


A4.3 Precautions that can be taken to protect a Wireless Local Area Network (WLAN) 
from unauthorised access: 


A4.3.1 Media Access Control (MAC) address filtering and hiding the Service Set 
Identifier (SSID) 


A4.3.2 wireless encryption 

e Wi-Fi Protected Access 2 and 3 (WPA2/3) 

e Wi-Fi Protected Setup 

e known wireless vulnerabilities 
o unsecured access point 
o piggybacking/unauthorised use of unsecured network 
o Evil Twin attack/fake access point 
o wireless sniffing/eavesdropping 

e mitigation methods for attacks on Wi-Fi 
o changing default passwords/settings/names 
o use of block and allow lists for device access 
o use of VPNs 
o use of WPA2/3 


o. firewalls 
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A4.4 Security issues during network and system design to ensure security is built 
A4.4.1 expect attacks to happen and plan for them 
A4.4.2 design the system to run on ‘fewest privileges’ 
A4.4.3 assume everyone will get access to the system design 
A4.4.4 avoid reliance on secrecy/obscurity 


A4.4.5 compliance with information security standards such as ISO 27000 


B: Use of networking architectures and principles for security 


Students should apply their knowledge and understanding of the security issues of 
networked systems and how to secure them in organisational contexts. Students should 
be able to interpret and amend schematic diagrams. 


B1 Network types 
B1.1 Applications and features of networks: 
B1.1.1 Network types 
e Local Area Network (LAN) 
e Wireless Local Area Network (WLAN) 
e Wide Area Network (WAN) 
e Storage Area Network (SAN) 
e Personal Area Network (PAN) 
e the internet 
B1.1.2 Private network types 
e intranet 
e extranet 
e cloud network 
B1.1.3 wired and wireless integration 
e ethernet standards for wired and wireless (802 family) 


e compatibility/interoperability issues such as protocols and 
access points 


e admin issues such as channels and IP addresses 

e technical issues such as signal strength and interference 
B1.1.4 schematic diagrams 

e network diagram, logical and physical 


e diagrams showing specific items such as port numbers or 
network addresses 
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B1.1.5 Features/requirements of networks (cyber security related) 


scalability 

software and hardware sharing/compatibility 
data and file sharing/transfer 
performance/response time 

backup management 

security settings 

reliability 

fault tolerance 


communications 


B1.2 Applications and features of network topologies: 


B1.3 
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B1.2.1 physical topologies 


star 

extended star 
hierarchical 
wireless mesh 


ad-hoc (mix of wired and wireless for Bring Your Own Device (BYOD)) 


B1.2.2 logical topologies 


logical bus 


logical ring 


network architecture 


B1.3.1 peer-to-peer 


B1.3.2 client/server 
B1.3.3 thin client 


B1.4 modern trends - applications and security issues of. 


B1.4.1_ virtualisation 


segmentation 
isolation/sandboxing/containerisation 


reduced attack surface 
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B1.4.2 cloud computing 


e configuration issues, default access settings 


e reliance on service provider, data leaks/loss/theft 


e Application Programming Interfaces (API), vulnerabilities in interface 
to cloud services/storage 


e account hijacking 


B1.4.3  BYOD 


e issues with organisational data on a private device 


O 


O 


Oo 


[e) 


12) 


O 


O 


password policy 

owner’s/organisation’s privacy 

data security, on device and when transferred 
patches, maintenance, updates, compatibility 
organisational v personal applications 

erasing/wiping data after use/when no longer required 


tracing/auditing data use/movement 


e Software-Defined Networking (SDN) 


1e) 


12) 


O 


O 


O 


segmentation 
remote management 
automation 
scalability 


reduced hardware requirements 


e Storage Area Network (SAN) 


12) 


Oo 


O 


O 


redundancy 
scalability 
access controls 


encryption/digital certificates 


e Internet of Things (loT) 


O 


12) 


12) 


Application Program Interface (API) security issues 
default passwords/security settings 


lack of patches/updates 
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o Zigbee, Bluetooth 5 and similar low-power wireless technology 
- mesh capability 
- ease of interception/interference 
- range issues 


o botnets 
o spying via networked cameras/smart hubs/TVs 


o exposure of non-traditional networked devices such as medical 
equipment, home appliances, commercial machinery, and vehicles 


e remote working 
o devices seen/used by others such as family members, visitors 
o need for VPN/encrypted link 
o security of home network/Wi-Fi 


o weaknesses of/reliance on third party communication systems such 
as video calls 


o issues around data storage/transfer/use of the cloud 
B2 Network components 
B2.1 Application and features of hardware components: 
B2.1.1 end-user devices, with connectivity and processing 
e mobile devices 
o mobile phone/smartphone 
o laptop/netbook/notebook 
o tablet 
o handheld game console and other entertainment devices 
o smartwatches and fitness trackers 
o digital cameras 
o virtual reality and augmented reality sets 
e fixed, networked devices with processing and/or storage 
o server 
o Personal Computer (PC)/workstation 
o printer 
o scanner 
o Network Attached Storage (NAS) 


o multi-functional devices (any combination of devices in B2.1.1) 
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B2.1.2 connectivity devices 

e switch, managed and unmanaged 

e router, wired and wireless 

e gateway 

e bridge 

e repeater 

e access point 

e USB hub, active and passive 

e modem 
o Digital Subscriber Line (DSL)/copper cable 
o optical fibre modem 


o wireless modem 


e multi-functional devices (any combination of devices in B2.1.2) 


B2.1.3. connection media 
e cable 


o Ethernet 


o universal serial bus (USB), current types and legacy requirements 


e Wireless 
o Wi-Fi, IEEE 802.11 family of standards 
o NFC 
o Bluetooth, current types and legacy requirements 
o cellular, 5G 
e optical fibre 
e LI-Fi 
B2.2 Application and security issues of external media and storage 
B2.2.1 encryption 
B2.2.2 secure disposal 
B2.2.3  loss/theft of media 
B2.2.4 interception/copying 
B2.2.5 data loss/corruption 
B2.2.6 media lifespan/failure 
B2.2.7 malware vector 
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B2.3 Application and features of software components 


B2.3.1 


B2.3.2 


B2.3.3 


network and device operating systems 

e Graphical User Interface (GUI) 

e Command Line Interface (CLI) 

e web interface, internal web page for device control/configuration 
network monitoring, management and troubleshooting tools 
e remote access administration tools 

e performance monitor 

e events and logs viewer 

e vulnerability scanner 

e network analyser/packet sniffer 

network applications 

e remote working tools 

e database 

e document management 


e network discovery/mapping tools. 


B3 Networking infrastructure services and resources 


B3.1 Application and function of: 


58 


B3.1.1 


B3.1.2 


B3.1.3 


Transmission Control Protocol/Internet Protocol (TCP/IP) 

e four layer model 

e Transport Layer Security (TLS) 

e packets and headers 

e error correction 

ports 

e hardware, switch ports 

e software/virtual, Internet Protocol ports 

packet 

e header 

e trailer/footer 

e payload/body/content 

e types 
o Transmission Control Protocol (TCP) 
o Internet Protocol (IP) 


o User Datagram Protocol (UDP) 
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B3.1.4 network address translation (NAT) 

e types 

o Static 

o dynamic 

o Port Address Translation (PAT) 
e structure and format of IPv4 and IPv6 addressing 
e RFC 1918 private addresses 

o Class A: 10.0. 0.0 to 10.255, 255.255 

oe Class Br 17216, 0,010 172,315 255.255 

6. Class C; 192,168; 0.0 to. 192.168, 255.255 


o Automatic Private IP Addressing (APIPA) for DHCP failure, 
169,254,010 169.254,254255 


o reserved IP addresses such as 127.0.0.1 loopback address 
B3.2 Application of domains, sub-domains and segmentation 
B3.2.1 hierarchy 
B3.2.2 trust relationships 
B3.3.3 access control 
B3.3.4 security benefits 
e limits access to devices, data, and applications 
e restricts lateral movement of attack/malware/intruder 
e smaller attack surface 
e simpler damage control 
B3.3 Application of network devices to configure networks 
B3.3.1 server 
B3.3.2 router 
B3.3.3 switch 
B3.3.4 Wireless Access Point (WAP) 
B3.3.5 firewall 
B3.3.6 bridge 
B3.3.7 gateway 
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B3.4 Application and function of network infrastructure services 
B3.4.1 Domain Name System (DNS) 
e DNS resolution process 
e reverse DNS resolution 
e DNS cache 
e |IPv6 DNS 
B3.4.2 directory services (DS), identity and access management 
e active directory 
e open directory 
e OpenLDAP 
B3.4.3 authentication services 
e types 
o single-factor 
o two-factor (TFA) 
o multi-factor (MFA) 
o single sign on (SSO) 
e authentication protocols 
o Password Authentication Protocol (PAP), (RFC 1334) 
o Challenge Handshake Authentication Protocol (CHAP), (RFC 1994) 
o Extensible Authentication Protocol (EAP), (RFC 5247) 
B3.4.4 Dynamic Host Configuration Protocol (DHCP) 
e DHCP servers and clients 
e IP address allocation process 
e basic configuration settings 
o address ranges 
o lease information 
o reservations/static addresses 
o dynamic addresses/allocation 
o automatic addresses/allocation 


o server address 
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B3.4.5 routing 


Static 

dynamic/adaptive 

routing tables 

Interior Gateway Protocols (IGPs), within one network/organisation 
Exterior Gateway Protocols (EGPs), between networks 


Border Gateway Protocol (BGP), internet routing 


B3.4.6 remote access services 


by dial-up, using telecommunications services 

by VPN, over the internet 

handshake/connection processes, client-host/server 
uses/gives access to 

o devices 

o files 

o data 

o desktops 


o applications 


B3.5 Application and function of network services and resources 


B3.5.1_ file and print services 


file server, networked file storage 

print server, networked printer 

file management, tracking, sharing 

print management, sharing, queueing, prioritising 


printer configuration and driver management 


B3.5.2 web, mail and communications services 


web services 

o use HTTP or HTTPS protocols 

o use XML messaging system 

o are independent of operating system or programming language 


allow applications to communicate 


oO 


o allow sharing of data, functionality 
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e mail services 


o use Simple Mail Transfer Protocol (SMTP), Post Office Protocol (POP), 
and Multipurpose Internet Mail Extensions (MIME) 


o protocols lack built-in encryption 

o mail server and client 

o process of finding destination server for mail delivery 
o communications services 

o email 

o Voice over IP (VoIP)/Internet Calling 

o SMS/text Messaging 

o video conferencing 

o social networking applications 

o online collaboration tools 


o Communication as a Service (CaaS) 


C: Cyber security documentation 


Students should know and understand the governance policies and documents needed 
to establish and maintain security on an ongoing basis. 


C1 Internal policies 
General IT policies 
C1.1_ Use of general security-related IT policies and their effectiveness 


C1.1.1 a cyber security policy that uses the Plan-Do-Check-Act loop derived 
from part of the International Organization for Standardization (ISO) 
27001:2013 


e policies on internet and email use 
o inappropriate, offensive, illegal material 
o sending confidential information 
o privacy issues 
o upload/download of copyrighted material, music, video 
o download of executable files 
o visiting potentially dangerous websites 


o organisations rights and obligations to scan traffic, 
monitor activities, retain copies of emails, etc. 
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e security and password procedures 


O 


O 


O 


[e) 


Oo 


[e) 


length/strength policy 

management and enforcement tools 
deny lists of common/weak passwords 
monitoring/logging of password attempts 
lockout policy for inactivity, login attempts 


use of technology to reduce requirement for passwords 


e staff responsibilities 


O 


O 


12) 


12) 


complete required security training 
follow security procedures and report problems 
respond to/report suspicious activity 


maintain security in own workspace/behaviour 


e staff IT security training 


O 


[e) 


1e) 


leadership/management to ensure training is 
Staffed/funded/resourced 


flexibility of training program so everyone can take part 
range of training resources/learning styles 

progress tracking 

incentives rather than punishment 


ongoing training for reinforcement and for new threats 


C1.1.2 security audits and their application to check compliance against policies 


e audit goals and scope 


e identify problems/gaps/weaknesses 


e check against internal policies 


e check against external regulations/laws 


e reporting of results, required improvements/changes 


C1.1.3. backup policy 


e selection of data 


e backup methods 


e backup type 


e frequency/scheduling 


e storage strategy 


e responsibility, accountability 


e backup testing strategy 
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e legal/regulatory compliance 
e emergency/recovery procedures 
C1.1.4 data protection policy to ensure organisational compliance 
e Data Protection Officer 
e follow data protection principles 
e protecting rights/privacy 
e staff training 
e system security procedures 
e application of policy to external contractors/consultants/vendors etc. 
e responsibility and accountability of staff/organisation 
C1.1.5 cyber security incident response policy 
e contacts 
o incident response team leader/provider 
o IT team leader/provider 
o senior management 
o legal 
o public relations 
o human resources 
o insurance 
e procedures/flowcharts/checklists for 
9 initial decisions/triage/escalation 
o main response, analysis, containment, mitigation, recovery 
o reviewing, reporting, closing the incident 
e communications 
o contact telephone plus alternative/backup 
o conference call facility 
C1.1.6 disaster recovery policy 
e purpose and scope 
e triage, a list of possible events, their severity and appropriate response 
o activate cyber security incident response 
o activate business continuity plan 
o activate disaster recovery plan 


e roles, responsibilities 
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e contact lists 
e monitoring and reporting requirements 
C1.1.7 external services policy 
e general for external services policies 
o authorization and access control 
o management, responsibility, accountability 
o contact details 
o regulatory compliance 
o incident response procedures 
e cloud 
o cloud resources requiring protection 
o acceptable use 
o data protection 
e hardware 
o sources, vendors, contractors, other third parties 
o service agreements 
o maintenance and support 
e software 
o sources, vendors, contractors, other third parties 
o service agreements 
o licencing 
o software support 
e support 
o service time/availability 
o response time - report to support starting 
o troubleshooting/completion/solution time, time to fix the problem 


o escalation procedures 
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D: Forensic procedures 


D1 Forensic collection of evidence 


Students should apply their knowledge and understanding of the methods for collecting 
forensic evidence following a security incident 


D1.1 Forensics on devices - servers, PCs and mobile devices 


D1.1.1 meeting requirements for forensics 


confiscation of devices 

o prior planning for a range of devices/scenarios 
o passwords, codes, PINs, etc. 

o chargers, cables etc. for mobile devices 

o retain current power state/status if possible 


o isolation of device from network/communications (if device is 
suspected to be communicating) 


- photograph screen 

- turn off device 

- remove battery/power cable 

- use airplane mode 

- disable wireless communication 
- use Faraday bag/cage 


o appropriate packaging 

o document chain of custody 
o establish legal permissions 
taking an image of the system 
using a forensic analysis tool 
reviewing files and settings 
reviewing system logs 
reviewing user activity 


malware analysis and alerts 


D1.1.2 the challenges of live forensics 
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changing data in situ 

recovering corrupted data and preventing data corruption 
capturing data in active memory 

capturing remote data 


not losing temporary files 
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D1.1.3. network forensics 


agreeing a network-testing forensics methodology with supervisory and 
investigatory authorities 


scanning of local infrastructure 

o ensuring permission is granted 

o ensuring that testing protocol will not disrupt a live system 
o passive and active analysis tools 

reviewing and analysing firewalls and infrastructure devices 

o switch 

o router 

o Wireless Access Point (WAP) 

o Client or server logs 


analysing malware activity and alerts 


D1.1.4 Documenting the scene 


prior planning for a range of scenarios 
securing the scene 

plans, photos, diagrams of the scene 
contemporaneous notes 


witness statements 


D2 Systematic forensic analysis of a suspect system 


Students should apply their knowledge and understanding of the requirements and 
processes for forensic analysis 


D2.1 Requirements for maintaining an accurate record, made at the time, or as soon 
after the incident as possible 


D2.1.1 Retaining snapshots of the system 


originals/clean system for comparison 

generate hash function/checksum for copies/images 
whole disk/machine, with/without ‘boot’ facility 
files/folders directories/data structures 

memory, RAM, BIOS, memory cards/SIM 

virtual discs/machines 

process/sub-process output/activity 


network information such as open ports, IP addresses, user logins 
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D2.1.2 


D2.1.3 


D2.1.4 


D2.1.5 


e temporary files, deleted data 


e system generated data such as System Volume Information, 
hibernation files, shadow copies, crash dumps, page files, 
synchronisation files 


Requirements for the recording of all findings and considering how reliable 
the evidence is 


e no collection/action that could change data on a digital device 
e collection by competent person 
e creation of trail or record of all actions taken, chain of custody 


e documentation of who is responsible for 
collection/decisions/enforcement of standards 


Requirements for the recording of any alterations that have been 
intentionally and unintentionally imposed by the investigator 


e documentation of all actions from initial seizure 

e potential inadmissibility of altered data 

e working with copies/images rather than original data/device 
Requirements for the creation of visual evidence of findings 

e photos, videos 

e screenshots 

e data-time stamps. metadata 

Ensuring the evidence is relevant and not a false positive 

e defining file signatures, search criteria, etc. 

e known/estimated error rates of tools/target data types 

e feedback of false positive data to improve detection method/algorithm 
e alert fatigue for high false positive rates 

e manual review of all positives to filter obvious false ones 


e further investigation/check of filtered positives 


D2.2 Assessing the findings to determine whether or not they: 
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D2.2.1 


provide evidence of a crime and/or an incident 
e criminal 

e regulatory breach 

e civil liability, contractual breach 

e non-compliance with internal policy 

e cyber attack 


e negligence, mismanagement, etc. 
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D2.2.2 show that the system has been externally and/or internally compromised 
e unusual traffic 
o inbound 
o outbound 
o from unusual geographical regions 
o DoS/DDOS signs 
e unusual login attempts 
e unusual DNS requests 
e increase in file/data reads 
e increase in file/data requests 
e unusual port usage 
e suspicious changes to files/data 
e suspicious access to/changes to system files/data 
D2.3. Writing security reports on 
D2.3.1 actions to prevent security incidents from reoccurring in the future 
e general report structure 
o title 
o contents 
o introduction 
o headings and sub-headings 
o consistent use of bullets and numbering 
o conclusions 
o footnotes 
o citations 
e analysis of the incident to identify 
o errors/omissions in procedures 
o unforeseen problems 
o errors/omissions in preventative measures 
o errors/ delays in detection/alerting 
o remedial actions 


D2.3.2 improvements to the content of IT policies 
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D2.3.3 improvements to security protection measures 


physical 

software 

hardware 

processes and procedures 


training 
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Skills 
MY -TPR EL- MOL IS - WC SP - CT * 
MY - PS&R EL-CL IS -V&NC SP -PS 
MY - COP EL-SRS IS-T SP - C&l 
MY - PGS EL-PRS IS - C&SI 
Table key 
i Signposted to indicate opportunities for development as part of wider 
teaching and learning. 
v Embedded in teaching, learning and assessment 
blank TS not embedded or signposted in unit 
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Key terms typically used in assessment 


The following table shows the key terms that will be used consistently by Pearson in our 
assessments to ensure students are rewarded for demonstrating the necessary skills. 


Please note: the list below will not necessarily be used in every paper/session and is 


provided for guidance only. 


Complete 


Describe 


Students provide an account of something 


Students add or amend a diagram or 
process. Can apply to problems/solutions 
of varying complexity. 


or highlight several key features of a given 
topic. May also be used in relation to the 
stages of a process. 


Explain 


Students identify a point and give a linked 
justification/exemplification of that point. 


The answer must contain some linked 
reasoning. 


Evaluate 


Students consider various aspects of a 
subject's qualities in relation to its context 
such as: strengths or weaknesses, 
advantages or disadvantages. They come 
to a judgement supported by evidence 
which will often be in the form of a 
conclusion. 


Identify 


Students select some key information 
from a given stimulus/resource. 


State, name, give 


Students recall one or more pieces of 
information 
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Unit 3: Website Development 


Level: 3 
Unit type: Internal 


Guided learning hours: 60 


Unit in brief 


Students will investigate fundamental principles in website development. They will design 
and develop a website in response to a client brief. 


Unit introduction 


Website development skills are more essential than ever if you want to be noticed, reach 
your goals and generate interest in today’s sophisticated, competitive and dynamic online 
environment. Modern lifestyles are digitally driven and as a website developer you must 
combine different tools and techniques to capture and maintain the user's interest. 
Website developers need to understand and acquire the necessary skills to find solutions 
to a variety of scenarios and problems. 


In this unit, you will explore how existing websites use the principles of website 
development to appeal to their intended audience and meet their specific purpose. You 
will plan, design and develop a website in response to a client brief by applying website 
development tools, techniques and processes. You will also reflect on the usability, 
functionality and fitness for purpose of the website using a testing and review process. 


Many software developers, database experts and systems managers need web-client 
development skills as an integral part of their overall portfolio of expertise. This unit will 
benefit you to progress on to information technology courses in higher education. 


Learning aims 
In this unit you will: 


A Understand how the principles of website development are used to create effective 
websites. 


B Explore website design skills and techniques to meet client requirements. 


C Develop a website to meet client requirements. 
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Summary of unit 


Key content areas Assessment approach 


A Understand how the 
principles of website 
development are used to 
create effective websites 


A1 Purpose and principles 
of websites 


A2 Planning a website in 
response to a client brief 


Pearson-Set Assignment 
Brief Task 1: Conduct 
research to analyse how 
the principles of website 
development are used to 
meet a specific purpose 
and develop ideas and 
plans to meet a client's 
requirements. 


B Explore website design 
skills and techniques to 
meet client requirements 


C Develop a website to 
meet client requirements 
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B1 Website design 


B2 Asset management 
techniques 


C1 Common tools and 
techniques to produce 
a website 


C2 Website development 
processes 


C3 Testing 


Pearson-Set Assignment 
Brief Task 2: Produce 
designs and assets for a 
website to meet a client's 
requirements. 


Pearson-Set Assignment 
Brief Task 3: Develop a 
website to meet a client's 
requirements. 


UNIT 3: WEBSITE DEVELOPMENT 


Content 


The essential content is set out under content areas. Students must cover all specified 
content before the assessment. 


Learning aim A: Understand how the principles of website development are 
used to create effective websites [EL-SRS] 


A1 Purpose and principles of websites 
e Purpose and audience: 
o purpose of websites, to include: 
- eCommerce 
- to provide information 
- to promote products or services 
- to provide entertainment 
o target audience, to include: 
- demographics 
- user personas. 
e Principles of website development: 
o page layout, to include: 
- F-Shaped pattern 
- Z-shaped pattern 
- grid layout 
- visual hierarchy 
- grouping elements 
- separating content 
- unconventional layouts 
o navigation, to include: 
- fixed/sticky navigation bars 
- vertical navigation 
- hamburger menu 
- logical navigation 
o content, to include: 
- written content 
- visual content 
- calls-to-action 
o design, to include: 
- typography 
- colour scheme 
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o user experience: 
- accessibility, to include: 


colour contrast 

colour combinations 
closed captions, transcripts 
keyboard-only navigation 
breadcrumbs 
customisable features 


- consistency, to include: 


branding 

page layout 

design 

User Interface (Ul) elements 


- user-friendly, to include: 


simplicity 
intuitive 
engaging 
responsive 


— use of motion and movement, to include: 


micro-interactions 
animation 

parallax scrolling 
image sliders 
purpose of motion 


o dynamic websites, to include: 
- customised user experience 
- controlled access to content 
o cross-browser compatibility, to include: 
- reducing discrepancies in different browsers 
- mobile compatibility 
o search engine optimisation. 


A2 Planning a website in response to a client brief 


e Establishing the client's requirements: 


o purpose, to include: 

- problem to be solved 

- key messages 

- user motivations and goals 
o intended audience 
o technical requirements 
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e Research to identify new ideas: 

existing websites 

content ideas 

available resources 

legal and ethical constraints: 

- copyright 

data protection 

digital accessibility 

- inclusive and diverse content and representations 


Oo 0 0 9O 


e Structuring the website: 
o site map: 
- number of pages 
- content and features 
- site navigation. 


Learning aim B: Explore website design skills and techniques to meet client 
requirements 


B1 Website design 
e Creating wireframes: 

o wireframing tools, to include: 

- sketching on paper 

graphic design software 

- UX design software 

- wireframing app 
o wireframing techniques, to include: 
hierarchy of page elements 
balance of content 
- grouping elements 
- aligning elements 
accurate dimensions. 


e Design ideas: 
o visual Style, to include: 
- colour palette 
- branding 


- typography 
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e Reviewing fitness for purpose: 


o quality, to include: 


clarity 
detail 


o user experience 
o meeting client requirements. 


B2 Asset management techniques 


e Creating assets: 


o writing headlines and copy, to include: 


short sentences 

short paragraphs 

avoiding jargon 

appropriate mode of address 


o visual assets, to include: 


image editing techniques 
image manipulation techniques 
vector graphic drawing techniques. 


e Sourcing assets, to include: 


o written copy 
o stock images 
o icons 
o video. 


e Preparing assets, to include: 


o trimming video 


o compression 
o file formats. 


e Managing assets, to include: 


o logical folder structure 
o naming conventions. 


Learning aim C: Develop a website to meet client requirements [MY-TPR] 


C1 Common tools and techniques to produce a website 


e Hypertext Markup Language (HTML): 


o navigation, to include: 
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menus 
internal and external links 
anchors 
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adding content, to include: 
- text 

- images 

- video 

- tables of information 
forms. 


e Cascading Style Sheets (CSS): 


O 


styling, to include: 

- colour 

- web typography 

- text formatting 

- links and buttons 

- tables 

- forms 

page layout, to include: 

- CSS box model 

- responsive layouts, to include: 
» CSS media queries 
* layout tools. 


e Function of JavaScript in website development, to include: 


O 


oO 0 0 9O 


displaying images: 

- sliders 

- gallery 

displaying information: 
accordion 

tabs 

- modal box 

- filtering information 
animation: 

- hover effects 

- transitions 

- animated logo 

- motion 

search functionality 
shopping cart 
interactive maps 
video, to include: 

- controlling video 

- video backgrounds. 
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C2 Website development processes 
e Accessibility: 
o features, to include: 
- alternative tags 
- zoom features 
- text-to-speech 
o standards, to include: 
- Web Content Accessibility Guidelines (WCAG) 
- World Wide Web Consortium (W3C) standards 
- HTML5 standards 
o semantic HTML. 
e Consideration of search engine optimisation. 
e Self-review: 
o areas for consideration: 
- quality in comparison to similar websites 
- suitability for audience and purpose 
- meeting client requirements 
- legal and ethical constraints 
- consistency 
- readability 
e Publishing the website. 
C3 Testing 
e Functionality testing: 
o test plan 
o areas, to include: 
- links 
- user interactivity 
- responsive to different screen sizes. 
e Usability testing: 
o user testing audit 
o areas, to include: 
- accessibility 
- logical navigation 
- Clarity of information 
- user experience. 
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Assessment criteria 


Learning aim A: Understand how the principles of website development are 
used to create effective websites 


Pes Met Distinction 


A.P1 Undertake research A.M1 Undertake research | A.D1 Carry out effective 


which shows adequate which shows a good research to demonstrate a 
understanding of how the —_| understanding of how thorough understanding of 
principles of website the principles of website the principles of website 
development are used to development are used to development and how to 
meet a specific purpose, meet a specific purpose, comprehensively meet the 
using partially relevant using mostly relevant client's requirements, using 
examples. examples. pertinent examples. 

A.P2 Produce a site map A.M2 Produce a site map 

that partially meets the that mostly meets the 

client's requirements. client's requirements. 


Learning aim B: Explore website design skills and techniques to meet client 
requirements 


Pass Mert Distinction 
B.P3 Produce adequate B.M3 Produce mostly B.D2 Make effective use 
wireframes and visual effective wireframes and of website design skills to 
designs for a specific visual designs for a specific | develop designs and assets 
purpose. [SP-C&l] purpose. that comprehensively meet 
B.P4 Use asset B.M4 Use asset the GIEnEs requirements: 
management techniques management techniques to 

to develop assets that develop assets that meet 

partially meet the client's most of the client's 

requirements. [SP-C&l] requirements. 


Learning aim C: Develop a website to meet client requirements 


ess Mere Distinction 


C.P5 Use tools, techniques, | C.M5 Use tools, techniques, | C.D3 Use tools, techniques, 
processes and testing to processes and testing to processes and testing to 
produce a website that produce a website that produce a website that 
partially meets the client's | meets most of the client's comprehensively meets 
requirements. [SP-C&l] requirements. the client’s requirements. 
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Transferable skills 


Skills 
MY - TPR * EL- MOL IS - WC SP=CT 
MY —- PS&R EL-CL IS -VC SP -PS 
MY - COP EL=SRS:* IS-T SP-C&l V 
MY - PGS EL-PRS IS— C&SI 
Table key 
i Signposted to indicate opportunities for development as part of wider 
teaching and learning. 
v Embedded in teaching, learning and assessment 
blank TS not embedded or signposted in unit 
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Essential information for Pearson Set Assignment Briefs (PSAB) 
Pearson sets the assignment for the assessment of this unit. 

The PSAB will take 15 hours to complete. 

The PSAB will be marked by centres and verified by Pearson. 

The PSAB will be valid for the lifetime of this qualification. 


Assessing the PSAB 
You will make assessment decisions for the PSAB using the assessment criteria provided. 


Section 7 gives information on PSABs and there is further information on our website. 
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Further information for teachers and assessors 


Resource requirements 


For this unit, students must have access to resources that will enable them to develop the 
skills and techniques to design and develop websites, including: 


e wireframing tools 
e software and apps to create visual styles and visual representations 
e equipment and software to create and prepare assets 


e software tools to develop a website. 
Essential information for assessment decisions 


Learning aim A 


For distinction standard, students will show a thorough understanding of how different 
websites combine principles of website development to meet their purpose. Students will 
also analyse the impact of the use of these principles on the user. Students will draw on 
pertinent examples and consider positive and negative outcomes. 


Students will conduct accomplished research to underpin their planning, including 
effective research into existing websites, possible content for the website and legal 
and ethical constraints. A detailed site map will be annotated to clearly show how the 
proposed website will meet the client requirements. 


The response will be considered and well-structured and relevant technical vocabulary 
will be used accurately. 


For merit standard, students will show good understanding of how different websites 
employ principles of website develooment to meet their purpose. Students will also 
explain the impact of the use of these principles on the user. Understanding will be 
supported by some mostly relevant examples from the chosen websites. 


Students will conduct mostly effective research to underpin their planning, including 
relevant research into existing websites, possible content for the website and legal and 
ethical constraints. A site map will be annotated to show how the proposed website will 
meet most of the client requirements. 


The response will have an appropriate structure and some relevant technical vocabulary 
will be used. 


For pass standard, students will show adequate understanding of how different 
websites employ some principles of website develooment to meet their purpose. 
Understanding will be supported by some partially relevant examples from the 
chosen websites. 
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Students will conduct adequate research to underpin their planning, including some 
research into existing websites, possible content for the website and legal and/or ethical 
constraints. A site map will show how the proposed website will meet some of the client 
requirements. 


The response will be detailed, although it may lack a coherent structure and it may 
include some inaccuracies. 


Learning aim B 


For distinction standard, students will make accomplished use of wireframing tools and 
techniques to produce effective wireframes. Effective designs for the visual style of the 
website and representations of the web pages will demonstrate thorough understanding 
of the client's requirements and user needs. 


Assets will be created, sourced and prepared through effective use of asset management 
techniques. The assets will have clear audience appeal and will comprehensively meet the 
client's requirements. 


For merit standard, students will make good use of wireframing tools and techniques 
to produce mostly effective wireframes, successfully achieving the result for the specific 
purpose. Appropriate designs for the visual style of the website and representations of 
the web pages will demonstrate good understanding of the client's requirements and 
user needs. 


Assets will be created and sourced through good use of asset management techniques. 
The assets will have appropriate audience appeal and meet most of the client's 
requirements, although one or two requirements may be missed. 


For pass standard, students will make basic use of wireframing tools and techniques to 
produce adequate wireframes. Straightforward designs for the visual style of the website 
and representations of the web pages will demonstrate partial understanding of the 
client's requirements. 


Assets will be created and sourced through basic use of asset management techniques. 
The assets will have some appropriate audience appeal and will meet the key 
requirements of the client but will not meet other requirements of the client. 


Learning aim C 


For distinction standard, students will make creative use of tools and techniques to 
build a website that meets all of the client's requirements. Effective understanding of web 
standards will be demonstrated through the development of a consistent and accessible 
website. 


Students will conduct effective functionality and usability testing. Students will use the 
outcomes of the testing and a thorough self-review of their website to make considered 
refinements to the final website. 
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For merit standard, students will make good use of tools and techniques to build 

a website that meets most of the client's requirements, although one or two minor 
requirements may be missed. Students will demonstrate good understanding of web 
standards through the appropriate use of accessibility features that clearly meet the 
requirements of the brief. 


Students will conduct appropriate functionality and usability testing. Students will use 
the outcomes of the testing and a self-review of their website to make appropriate 
refinements to the final website. 


For pass standard, students will make basic use of tools and techniques to build 
a website that meets the key requirements of the client but will not meet other 
requirements of the client. The website will be functional, although there may be 
some performance issues. 


Students will provide evidence of straightforward functionality and usability testing. 
Students will use the outcomes of the testing and a self-review of their website to 
refine the final website. 
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Links to other units 


This assessment for this unit should draw on knowledge, understanding and skills 
developed from: Unit 1: Information Technology Systems. 
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Unit 4: Relational Database Development 


Level: 3 
Unit type: Internal 


Guided learning hours: 60 


Unit in brief 


Students will examine relational database development principles to understand the 
importance of data storage and normalisation techniques and apply their skills to design 
and develop data storage solutions to meet a client's requirements. 


Unit introduction 


Databases underpin many processes in numerous aspects of modern society. From 
stock control systems for large multi-outlet online retailers to the smallest niche internet 
forums, databases are a repository of information that make up the world wide web as 
we know it. Database developers understand and use practical skills utilising technologies 
that will enable them to design and develop databases that can be used by many 
different connecting systems. 


In this unit, you will examine the structure of data and how an efficient data design 
follows through into an effective, useful database. You will investigate database 

management systems (DBMS) and apply practical skills in designing and developing 
a database within a given DBMS. 


This unit will provide you with the knowledge, and skills needed for progression on to 
higher education programmes in Information Technology. 


Learning aims 
In this unit you will: 


A Understand how the principles of relational database models, data storage 
and normalisation are used to create effective relational database solutions. 


B Design a relational database solution to meet client's requirements. 


C Develop a relational database solution to meet client’s requirements. 
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Summary of unit 


A Understand how the 
principles of relational 
database models, data 
storage and normalisation 
are used to create effective 
relational database 
solutions 


A1 Relational database 
management systems 


A2 Manipulating data 
structures and data in 
relational databases 


A3 Normalisation 


A4 Planning a relational 
database solution in 
response to a client brief 


Key content areas Assessment approach 


Conduct research to 
analyse how the principles 
of relational database 
management systems, data 
storage and normalisation 
are used to meet a specific 
purpose and develop 
planning evidence to meet 
a client’s requirements. 


B Design a relational 
database solution to 
meet client requirements 


B1 Relational database 
design techniques and 
processes 


B2 Design documentation 


B3 Reviewing and refining 
designs 


Produce, review and refine 
designs in an iterative 
process to meet a client's 
brief. 


C Develop a relational 
database solution to 
meet client requirements 


C1 Producing a database 
solution 


C2 Testing the database 
solution 


C3 Reviewing the database 
solution 
C4 Optimising the 
database solution 


Use tools and techniques to 
create a relational database 
solution to meet a client's 
requirements. 
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Content 


The essential content is set out under content areas. Students must cover all specified 
content before the assessment. All topics require students to apply knowledge, analyse 
and evaluate. 


Learning aim A: Understand how the principles of relational database 
models, data storage and normalisation are used to create effective 
relational database solutions 


A1 Relational database management systems 
e Types of relational database management systems (RDBMS) and their operating 
system support 
o desktop databases 
o server databases, to include: 
- My Structured Query Language (MySQL) 
- Oracle® 
e Types of relational data structure concepts 
relation 
attribute 
domain 
tuple 
degree 
cardinality 


Oo O0O 0 0 0 O 


e Relational algebra sets and symbols 
o union 
o intersect 
o join and select 

e Relational keys 

Super key 

candidate key 

primary key 

o foreign key 


Oo OO 9O 


e Integrity constraints 
o entity integrity 

o referential integrity 

e Entity relationship types 


o one-to-one 


o one-to-many 
o many-to-many 
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A2 Manipulating data structures and data in relational databases 
Defining, modifying and removing data structures and data 
e Updating, inserting, modifying and deletion 
e Retrieval of data for: 
o queries 
o reports 
A3 Normalisation 
The role of normalisation in developing efficient data structures 


e Anomalies 
o update 
o insertion 
o deletion 
e Keys 
o primary 
o foreign 
o composite 
e Referential integrity 
e Data dictionary 
e Stages of normalisation 
o un-normalised form (UNF) 
o first normal form (1 NF) 
o second normal form (2NF) 
o third normal form (3NF) 
A4 Preliminary scoping of a relational database solution in response to a 
client brief 
e Purpose, to include: 
o problem to be solved 
o technical requirements 
e Research 
o existing databases 
structuring data, to include: 
- tables 
- keys 
o available resources 
e Technical vocabulary 


e Logical structure 
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Learning aim B: Design a relational database solution to meet client 
requirements [MY-TPR] 


B1 Relational database design techniques and processes 


Techniques and processes to consider when designing relational databases 


Entity relationship modelling 
o conceptual 
- entity names 
- relationships 
- relationship types 
o logical 
- entity names 
- relationships 
- relationship types 
- attributes 
- primary keys 
- foreign keys 
e Relational algebra 
one to many 
one to one 
many to many 
AND 


Or FOU 10 Ov “OF Or FO" 7O .Or -O 


e DBMS selection, to include: 
o desktop software 
o Cloud/Server-based 
e Database implementation techniques 
o prototyping 
o testing 
e Quality, effectiveness and appropriateness of the solution 
o correctness of data 
o relationships between data 
o data integrity 
o normalisation 
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B2 Design documentation 
Design specification 
e Requirements of the brief 
e Audience 
e Purpose 
e Client requirements 
e Legal and ethical considerations 
o data protection legislation 
o applicable regulations 
e Data structure designs 
o data dictionaries 
- tables 
- field names 
- field lengths 
- data types 
- validation 
o entity relationship modelling 
o normalisation 
e User interface design 
o form design 
- input fields 
- calculated fields 
- disabled fields 
- combo boxes 
- list boxes 
- radio buttons/groups 
- validation 
- masks 
- user help 
o menu design 
- action buttons to initiate tasks 
o queries 
- multiple criteria 
- form values 
- wild cards 
- action queries 
- calculated queries 
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o reports 
- calculated fields 
- grouping 
- presentation of data 
- layouts 
- conditional formatting 
o task automation, to include: 
- macros 
- scripts 
- program code 
e Test plans to check: 
o data integrity 
o functionality 
o accessibility 
o usability 
e Implementation plan 
e Timescales 
B3 Reviewing and refining designs 
e Self-review: 
o areas for consideration: 
- suitability for user 
- meeting client requirements 
legal and ethical constraints 
- consistency 


e Refining ideas and solutions 


e Updating design specification documentation 


Learning aim C: Develop a relational database solution to meet client 
requirements [MY-TPR] 
C1 Producing a database solution 


Use of an appropriate database management system and Structured Query Language 
(SQL) to produce a database solution to meet client's requirements 


e Creating, setting up and maintaining data tables 
e Creating links/relationships between data tables 


e Applying data validation rules 
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Generating outputs, to include: 
o user-generated queries 

o automated queries 

o reports 

User interface, to include: 

o navigation 

o data entry forms 

o child forms 

Task automation 


Populating the database 
o importing 

o adding data 

o manipulating data 


C2 Testing the database solution Different types of testing 


o referential integrity 

o functionality 

Selection and use of appropriate test data 
o erroneous 

o extreme 

o normal 

Object testing 

o tables 

o queries 

o reports 

o forms 

o menus 

Usability testing 

o selecting suitable test users 

o devising suitable usability tests 
Gathering feedback from users 

Producing appropriate test documentation 


Making use of testing outcomes to improve and/or refine the database solution. 


C3 Reviewing the database solution 


Criteria for use when reviewing the database solution against 
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Quality of the database 
Fitness for purpose 


Suitability against the original requirements 


Pearson Level 3 Alternative Academic Qualification BTEC National in Information Technology 
(Extended Certificate) - Specification - Issue 1 - July 2024 © Pearson Education Limited 2024 


UNIT 4: RELATIONAL DATABASE DEVELOPMENT 


e Legal and ethical constraints 
e Strengths and improvements 
C4 Optimising the database solution 
e Data types 
e Data sizes, to include: 
o size on disk 
o data storage requirements e.g. image storage 
e Many tables, to include: 
o overheads for many tables 
o query complexity 
e Query optimising, to include: 
o select specific columns 
o efficiency of joins/sub-queries. 
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Assessment criteria 


Learning aim A: Understand how the principles of relational database 
models, data storage and normalisation are used to create effective 
relational database solutions 


A.P1 Demonstrate an 
adequate understanding 
of how the principles of 
relational database models, 
data storage and 
normalisation are used 

to provide reliable data 
structures to meet a 
specific purpose, using 
partially relevant examples. 


A.P2 Carry out adequate 
research into relational 
database models, data 
storage and normalisation 
to produce a preliminary 
scoping document that 
partially meets the client's 
requirements. [IS-WC] 


A.M1 Demonstrate a good 
understanding of how the 
principles of relational 
database models, data 
storage and normalisation 
are used to provide reliable 
data structures to meet a 
specific purpose, using 
examples that are mostly 
relevant and appropriate. 


A.M2 Carry out mostly 
detailed research into 
relational database 
models, data storage and 
normalisation to produce 
a preliminary scoping 
document that considers 
most of the client's 
requirements. 


ess Mert Dithcton 


A.D1 Carry out effective 
research to demonstrate a 
thorough understanding of 
the principles of relational 
database models, data 
storage methods and 
normalisation and how 

to comprehensively meet 
the client's requirements 
in a preliminary scoping 
document, using pertinent 
examples. 


Learning aim B: Design a relational database solution to meet client 


requirements 


B.P3 Produce a design 
and documentation for 

a relational database 
solution to meet some of 
the client’s requirements. 
[IS-WC] 


B.M3 Produce a design 
and documentation for a 
relational database solution 
to meet most of the client's 
requirements. 


B.D2 Produce a design 
and documentation 

for a relational 

database solution to 
comprehensively meet 
the client's requirements. 
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Learning aim C: Develop a relational database solution to meet client 


requirements 
Pass 


C.P4 Use tools, techniques, 
processes and testing to 
produce a relational 
database solution that 
meets some of the client's 
requirements. [SP-C&l] 


Merit 


C.M4 Use tools, techniques, 
processes and testing to 
produce a relational 
database solution that 
meets most of the client's 
requirements. 


Distinction 


C.D3 Use tools, techniques, 
processes and testing to 
produce a relational 
database solution that 
comprehensively meets 
the client’s requirements. 
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Transferable skills 


Skills 
MY - TPR* EL - MOL IS-WCv ap CT 
MY —- PS&R EL-CL IS -V&NC SP -PS 
MY - COP EL-SRS IS-T SP- C&l Vv 
MY - PGS EL- PRS IS - C&SI 
Table key 
i Signposted to indicate opportunities for development as part of wider 
teaching and learning. 
v Embedded in teaching, learning and assessment 
Blank TS not embedded or signposted in unit 
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Essential information for Pearson Set Assignment Briefs (PSAB) 
Pearson sets the assignment for the assessment of this unit. 

The PSA will take 15 hours to complete. 

The PSA will be marked by centres and verified by Pearson. 


The PSA will be valid for the lifetime of this qualification. 


Assessing the PSA 
You will make assessment decisions for the PSA using the assessment criteria provided. 


Section 7 gives information on PSAs and there is further information on our website. 
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Further information for teachers and assessors 


Resource requirements 


For this unit, students must have access to: 


e software resources that will allow them to use tools and techniques (as given in the 
unit content) to design and develop a relational database. 


e asuitable RDBMS, e.g. Access™, MySQL, Oracle. 
Essential information for assessment decisions 


Learning aim A 


For distinction standard, students will provide a clear and balanced evaluation of 
relational database principles and a comparison of the advantages each stage of 
normalisation offers to the effectiveness of the data model. Students will also provide 
clear examples of normalisation within relational data models. Students will articulate 
their arguments and views concisely and professionally, and evaluate concepts, ideas 
and actions in order to reach reasoned and valid conclusions. The scoping document will 
demonstrate high-quality written communication through the use of accurate and fluent 
technical vocabulary to support a well-structured and considered response that clearly 
connects chains of reasoning. 


For merit standard, students will undertake an in-depth analysis of relational database 
principles and normalisation and be able to articulate this using appropriate examples. 
There will be detailed explanation of normalisation and a clear discussion on how the 
process improves the efficiency of a relational database. Students will use mostly 
appropriate diagrams and mostly relevant examples to enable the concept to be 
relayed effectively. The scoping document will be mostly technically accurate and will 
demonstrate good-quality written communication. 


For pass standard, students will explain the structure of data and how suitable database 
management systems, with which they are familiar, allow data to be manipulated and 
presented. Students will show an understanding of normalisation and the process 
involved; they will also support their explanations with some relevant examples. The 
scoping document may contain some technical inaccuracies and may not always be 

clear or fluent. 


Learning aim B 


For distinction standard, students will make accomplished use of relational 

database design skills to produce a design solution. The design of data structures and 
management will demonstrate thorough understanding of the client's requirements and 
user needs. 


A design specification, project timescale and test plan will be created through effective 
design skills and techniques. The design specification will comprehensively meet the 
client's requirements. 
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For merit standard, students will make good use of relational database design skills 
to produce a design solution. The design of data structures and management will 
demonstrate good understanding of the client's requirements and user needs. 


A design specification, project timescale and test plan will be created through good 
design skills and techniques. The design specification will meet most of the client's 
requirements. 


For pass standard, students will make basic use of relational database design skills 
to produce a design solution. The design of data structures and management will 
demonstrate partial understanding of the client's requirements and user needs. 


A design specification, project timescale and test plan will be created through appropriate 
design skills and techniques. The design specification will partially meet the client's 
requirements. 


Learning aim C 


For distinction standard, students will make effective use of tools and techniques 
to build a relational database solution that comprehensively meets the client's 
requirements. Effective understanding of data management will be demonstrated 
through the development of a fully functional relational database. 


Students will conduct effective object and usability testing. Students will use the 
outcomes of the testing and a thorough self-review of their relational database to 
make considered refinements to the final relational database. 


For merit standard, students will make good use of tools and techniques to build 

a relational database solution that meets most of the client's requirements. Good 
understanding of data management will be demonstrated through the development 
of a functional relational database. 


Students will conduct appropriate object and usability testing. Students will use the 
outcomes of the testing and a self-review of their relational database to make 
appropriate refinements to the final relational database. 


For pass standard, students will make basic use of tools and techniques to build 

a relational database solution that partially meets the client’s requirements. Basic 
understanding of data management will be demonstrated through the development 
of an adequately functional relational database. 


Students will conduct straightforward object and usability testing. Students will use the 
outcomes of the testing and a self-review of their relational database to refine the final 
relational database. 
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5 Planning your programme 


Supporting you in planning and implementing your programme 
There will be lots of free teaching and learning support to help you deliver the new 
qualifications, including: 


e Our Delivery Guide will help you to plan how to deliver the content and assessments 
that make up Pearson Level 3 Alternative Academic Qualification BTEC National 
in Information Technology (Extended Certificate) qualification. It also highlights 
opportunities to develop the transferable skills identified within the units in this 
specification. 

e Sample Assessment materials are available for each external unit to help you to plan 
and prepare for assessments. 


e Our mapping document highlights key differences between the new qualification 
and Pearson BTEC Level 3 National Extended Certificate in Information Technology 
601/7575/8, which this qualification replaces. 


Is there a student entry requirement? 


As a centre it is your responsibility to ensure that students who are recruited have 
a reasonable expectation of success on the programme. There are no formal entry 
requirements but we expect students to have qualifications at or equivalent to Level 2. 


Students are most likely to succeed if they have: 

e five GCSEs at good grades, and/or 

e BTEC qualification(s) at Level 2 

e achievement in English and mathematics through GCSE or Functional Skills. 


Students may demonstrate ability to succeed in various ways. For example, students may 
have relevant work experience or specific aptitude shown through diagnostic tests or 
non-educational experience. 
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6 Understanding the qualification grade 


Awarding and reporting for the qualification 


This section explains the rules that we apply in awarding a qualification and in providing 
an overall qualification grade for each student. It shows how all the qualifications in this 
sector are graded. 


The awarding and certification of these qualifications will comply with regulatory 
requirements. 


Eligibility for an award 
In order to be awarded a qualification, a student must: 
e achieve Near Pass (N) or above in all external units 


e complete and have an outcome (D, M, P, N or U) for all units within a valid 
combination 


e achieve the minimum number of points at a grade threshold. 


Students who do not achieve the required minimum grade (N) for the external 
assessments will not achieve a qualification. 


Awarding the qualification grade 


The final grade awarded for a qualification represents an aggregation of a student's 
performance across the qualification. As the qualification grade is an aggregate of the 
total performance, there is some element of compensation in that a higher performance 
in some units may be balanced by a lower outcome in others. 


BTEC Nationals are Level 3 qualifications and are awarded at the grade ranges shown in 
the table below. 


Qualification Available grade range 


Extended Certificate P to D* 


The Awarding the qualification grade table, shown further on in this section, shows the 
minimum thresholds for calculating these grades. The table will be kept under review 
over the lifetime of the qualification. The most up-to-date table will be issued on our 
website. 


Pearson will monitor the qualification standard and reserves the right to make 
appropriate adjustments. 
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Students who do not meet the minimum requirements for a qualification grade to be 
awarded will be recorded as Unclassified (U) and will not be certificated. They may receive 
a Notification of Performance for individual units. The Information Manual gives full 
information. 


Points available for internal units 


The table below shows the number of points available for internal units. For each internal 
unit, points are allocated depending on the grade awarded. 


U 0 
Pass 6 
Merit 10 
Distinction 16 


Points available for external units 


Raw marks from the external units will be awarded points based on performance in the 
assessment. The table below shows the minimum number of points available for each 
grade in the external units. 


U 0 
Near Pass 8 
Pass 12 
Merit 20 
Distinction 32 


Pearson will automatically calculate the points for each external unit once the external 
assessment has been marked and grade boundaries have been set. For more details 
about how we set grade boundaries in the external assessment please go to our website. 
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Claiming the qualification grade 


Subject to eligibility, Pearson will automatically calculate the qualification grade for your 
students when the internal unit grades are submitted and the qualification claim is made. 
Students will be awarded qualification grades for achieving the sufficient number of 
points (with valid combinations) within the ranges shown in the relevant Awarding the 
qualification grade table for the cohort. 


Awarding the qualification grade 


Applicable for registration from 1 August 2025. 


Extended Certificate (360 GLH) 


U 0 

Pass 36 
Merit 52 
Distinction 74 
Distinction * 90 


The table is subject to review over the lifetime of the qualification. The most up-to-date 
version will be issued on our website. 
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Example grading table for Pearson Level 3 Alternative Academic 
Qualification BTEC National in Information Technology (Extended 
Certificate) 


Unit Type Grade Unit 

number (Int/Ext) points 

1 120 Ext Merit 24 

2 120 Ext Near Pass 8 

3 60 Int Pass 6 

4 60 Int Merit 10 
TOTAL 360 Pass 48 

Pearson Level 3 Alternative Academic Qualification BTEC National in Information Technology 109 


(Extended Certificate) - Specification - Issue 1 - July 2024 © Pearson Education Limited 2024 


110 Pearson Level 3 Alternative Academic Qualification BTEC National in Information Technology 
(Extended Certificate) - Specification - Issue 1 - July 2024 © Pearson Education Limited 2024 


Appendix 1 Glossary of terms used for 
internally assessed units 


Adequate Student work is satisfactory or acceptable in quality and quantity. 


Analyse Students break the issue/situation down into the key elements and 
show their understanding of the issues/situation applied to the 
scenario/context. Responses would be significantly beyond generic. 


Apply/use/employ | Students implement a method, technique, process or approach in an 
activity. 


Assess Students give careful consideration to all the factors or events that 
apply, identify which are the most important or relevant and make 
a judgement on the importance of the factors. 


Carry out Students demonstrate skills through practical activities, in line with 
certain requirements. 

Clear/ly The qualities required are well demonstrated, unambiguous and beyond 
a basic level. 

Coherent Student intentions are clear, logically structured and can be interpreted 
by others. 

Compare Students show knowledge and understanding by identifying the main 


factors relating to two or more items/situations or aspects of a subject 
that is extended with the required explanations, e.g. similarities/ 
differences, advantages/disadvantages, impacts. 


Comprehensive Used to describe either scope or depth, e.g. 

e Student work is well developed and thorough covering all 
aspects/information in terms of both depth and breadth 

Or: 

e Students demonstrate in-depth and accurate understanding of the 
aspects being assessed. 


Confident Student work demonstrates well-developed and secure application of 
skills or processes that are significantly beyond a basic level. 

Consistent Students demonstrate reliable and constant practice that maintains a 
set standard. 

Create/produce Students generate an idea/outcome to specific criteria. 

Demonstrate Students carry out and apply knowledge, understanding and/or skills in 


a practical situation. 


Describe Students provide an account of something, or highlight a number 
of key features of a given topic or process that shows a level of 
understanding. 


Detailed Students cover most if not all of the expected requirements and 
demonstrate a high level of understanding. 
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Develop Students apply a process of improving/progressing skills, concepts or 
work in order to produce outcomes. 


Discuss An issue, situation, process will be presented and the student will need 
to break the issue/situation/process down into the key elements, show 
their understanding of the issues/situation/process applied to the 
scenario/context (So generic answers are not acceptable), and show 
interrelationship in their answers. 


Effective Students demonstrate skills or provide outcomes that are well 
developed with a range of proficient qualities and that achieve 
objectives 

Evaluate Students consider various aspects of a subject's qualities in relation 


to its context such as: strengths or weaknesses, advantages or 
disadvantages, pros or cons. They will come to a judgement supported 
by evidence which will often be in the form of a conclusion. 


Examine Students demonstrate an ability to thoroughly inspect something in 
order to determine its qualities beyond a basic exploration. 

Explain Students can give an insight into the topic showing some level of 
understanding by providing reasons or examples. 

Explore Students undertake practical research or investigation to develop their 
skills or understanding of the topic/activity. 

Implement Students take actions or measures to put something into effect. 

Investigate Students perform a systematic inquiry into a topic using research skills, 
usually to demonstrate their understanding of a topic. 

Justify Students give relevant and logical reasons or evidence to support their 
actions or opinions. 

Partial/some To an extent, but not completely. Students do not include all of the 
requirements. 

Perform Students demonstrate a range of skills required to complete a given 
activity. 

Prepare Students organise a task/equipment/individuals/activities in advance of 


carrying it out. 


Realistic/feasible Students demonstrate insight into the logistics and manageability of 
proposals/plans/objectives/ideas and show consideration of the 
potential to achieve the outcomes. 


Refine/optimise Students make considered improvements to outcomes. 

Review Students consider evidence in order to make judgements about the 
qualities. 

Understand Students demonstrate insight or ability to interpret a subject. 

Undertake Students demonstrate skills through practical activities, often referring 


to given processes or techniques. 
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Appendix 2 Transferable Skills framework 


Code = transferable skill initials-skill cluster initials 


Managing yourself 


Code 
MY-TPR 


Skill cluster 


Taking personal responsibility 


Performance Descriptor 


Demonstrates understanding 
of their role and 
responsibilities and the 
expected standards of 
behaviour. 


Demonstrates compliance 
with codes of conduct and 
ways of working. 


Makes use of available 
resources to complete tasks. 


Manages their time to meet 
deadlines and the required 
standards. 


Demonstrates accountability 
for their decisions or actions. 


MY-PS&R 


Personal strengths and resilience 


Identifies own personal 
strengths and demonstrates 
the ability to use these in 
relevant areas. 


Demonstrates the ability to 
adapt own mindset and 
actions to changing situations 
or factors. 


Uses challenges as learning 
opportunities. 
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Code | Skill cluster | Performance Descriptor 


MY-COP Career orientation planning e Undertakes research to 
understand the types of roles 
in the sector in which they 
could work. 


e Reviews own career plans 
against personal strengths 
and identifies areas for 
development to support 
progression into selected 
careers. 


e Takes part in sector-related 
experiences to support career 
planning. 


MY-PGS Personal goal setting e Sets SMART goals using 
relevant evidence and 
information. 


e Reviews progress against 
goals and identifies realistic 
areas for improvement. 


e Seeks feedback from others 
to improve own performance. 
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Effective learning 


Code 
EL-MOL 


ELeCL 


| Skill cluster 


Managing own learning 


Continuous learning 


| Performance Descriptor 


Maintains a focus on own 
learning objectives when 
completing a task. 


Demonstrates the ability to 
work independently to 
complete tasks. 


Reviews and applies learning 
from successful and 

unsuccessful outcomes to be 
effective in subsequent tasks. 


Engages with others to obtain 
feedback about own learning 
progress. 


Responds positively to 
feedback on learning progress 
from others. 


Monitors own learning and 
performance over the short 
and medium term. 


EL-SRS 


Secondary research skills 


Defines the research topic or 
question. 


Uses valid and reliable 
sources to collate secondary 
data. 


Interprets secondary data and 
draws valid conclusions. 


Produces a reference list and 
cites sources appropriately. 


EL=PRS 


Primary research skills 


Defines the research topic or 
question. 


Carries out primary data 
collection using appropriate 
and ethical research 
methodology. 


Interprets primary data to 
draw valid conclusions 
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Interpersonal skills 


Code Skill cluster Performance Descriptor 


IS-WC Written communication e Produces clear formal written 
communication using 
appropriate language and 
tone to suit purpose. 


IS-V&NC Verbal and non-verbal e Uses verbal communication 
communications skills confidently to suit 
audience and purpose. 


e Uses body language and 
non-verbal cues effectively. 


e Uses active listening skills and 
checks understanding when 
interacting with others. 


IS-T Teamwork e Engages positively with team 
members to understand 
shared goals and own roles 
and responsibilities. 


e Respectfully considers the 
views of team members and 
consistently shows courtesy 
and fairness. 


e Completes activities in line 
with agreed role and 
responsibilities. 


e Provides support to team 
members to achieve shared 
goals. 


IS-C&S| Cultural and social intelligence e Demonstrates awareness of 
own cultural and social biases. 


e Demonstrates diversity, 
tolerance and inclusivity 
values in their approach to 
working with others. 
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Solving problems 


Code 
SP-CT 


Skill cluster 


Critical thinking 


Performance Descriptor 


Demonstrates understanding 
of the problem or issue to be 
addressed. 


Makes use of relevant 
information to build ideas and 
arguments. 


Assesses the importance, 
relevance and/or credibility of 
information and ideas. 


Analyses, interprets and 
evaluates information to 
present reasoned 
conclusions. 


S| 


Problem solving 


Presents a clear definition of 
the problem. 


Gathers relevant information 
to formulate proposed 
solutions. 


Selects relevant and 
significant information to 
formulate proposed solutions. 


Identifies negative and 
positive implications of 
proposed solutions. 


Presents and justifies selected 
solutions to problems. 


SP-C&l 


Creativity and innovation 


Identifies new and relevant 
ideas to help solve a problem. 


Refines ideas into workable 
solutions based on test 
results and/or feedback. 
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Appendix 3 Digital Skills framework 


Problem solving 


Using digital tools to analyse and solve problems: 


Performance descriptor Unit mapping 

Use digital tools and techniques for research, Unit 3, content area A and 

collaboration and resolution of problems. Unit 4 content area A 

Have up-to-date knowledge of ways that technology is Unit 3, content area A and 

used within a sector. Unit 4 content area A 

Present ideas and finding using digital tools. Unit 3, content area B and 
Unit 4 content area B 

Use digital tools to manipulate data. Unit 4 content area C 


Digital collaboration and communication 


Using digital tools to communicate and share information with stakeholders: 


Performance descriptor Unit mapping 


Understand and use digital collaboration and N/A 
communication platforms. 


Use collaboration tools to meet with, share and N/A 
collaborate with customers and colleagues. 


Transacting digitally 


Using digital tools to set up accounts and pay for goods/services: 


Performance descriptor Unit mapping 


Use online systems to access and update digital records. |N/A 


Set-up accounts to complete transactions. Unit 3, content area C 
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Digital security 
Identify threats and keep digital tools safe: 


Performance descriptor Unit mapping 


Understand the types of malware. 


Unit 1, content area B and 
Unit 2 content areaA 


Understand the threats involved in carrying out online 
activities. 


Unit 2, content area A 


Protect personal and organisation information and data. 


Unit 2, content area A and B 


Keeping systems secure. 


Unit 2, content area A and B 


Handling data safely and securely 


Follow correct procedures when handling personal and organisational data: 


Performance descriptor 


Manage passwords and keep them secure. 


Unit mapping 


Unit 1, content area B 


Identify website and services that are secure and 
insecure, 


Unit 1, content area B 


Understand the digital policy for a sector. 


Unit 3, content area A and 
Unit 4 content areaA 


Understand the impact of online data. 


Unit 1, content area C 


Understand copyright and intellectual property. 


Unit 3, content area A 
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Appendix 4 Sustainability framework 


Sustainable development goal 


Unit mapping 


SDG 1: No poverty 


SDG 2: Zero hunger N/A 
SDG 3: Good health and wellbeing N/A 
SDG 4: Quality education N/A 
SDG 5: Gender equality N/A 
SDG 6: Clean water and sanitation N/A 
SDG 7: Affordable and clean energy N/A 
SDG 8: Decent work and economic growth N/A 


SDG 9: Industry, innovation and infrastructure 


Unit 1, content area A 
and Unit 2, content 
area A 


SDG 10: Reduced inequalities 


Unit 1, content area F 
and Unit 3, content 
area C 


SDG 11: Sustainable cities and communities 


N/A 


SDG 12: Responsible consumption and production 


Unit 1, content area F 


SDG 13: Climate action 
SDG 14: Life below water 


N/A 
N/A 


SDG15: Life on land 


N/A 


SDG 16: Peace, justice and strong institutions 


Unit 1, content area F 
and Unit 3, content 
area B 


SDG 17: Partnerships for the goals 


N/A 
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